Об этом курсе: This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.
Преподаватели: Michael Hicks, Professor
Department of Computer Science
| Основные сведения | Course 2 of 5 in the Cybersecurity Specialization |
| Выполнение | 6 weeks of study, 3-5 hours/week |
| Язык | English, Субтитры: Korean |
| Как пройти курс | Чтобы пройти курс, выполните все оцениваемые задания. |
| Оценки пользователей |
- Reading: Introductory Reading
- Reading: Syllabus
- Видео: What is software security?
- Видео: Tour of the course and expected background
- Practice Quiz: Qualifying Quiz
- Reading: FAQ and Errata
- Reading: Glossary
- Reading: Week 1 Reading
- Видео: Memory Layout
- Видео: Buffer Overflow
- Видео: Code Injection
- Видео: Other Memory Exploits
- Видео: Format String Vulnerabilities
- Reading: Project 1
- Reading: Week 2 Reading
- Видео: Memory Safety
- Видео: Type Safety
- Видео: Avoiding Exploitation
- Видео: Return Oriented Programming - ROP
- Видео: Control Flow Integrity
- Видео: Secure Coding
- Reading: Week 3 Reading
- Видео: Web Basics
- Видео: SQL Injection
- Видео: SQL Injection Countermeasures
- Видео: Web-based State Using Hidden Fields and Cookies
- Видео: Session Hijacking
- Видео: Cross-site Request Forgery - CSRF
- Видео: Web 2.0
- Видео: Cross-site Scripting
- Видео: Interview with Kevin Haley
- Reading: Project 2
- Reading: Week 4 Reading
- Видео: Threat Modeling, or Architectural Risk Analysis
- Видео: Security Requirements
- Видео: Avoiding Flaws with Principles
- Видео: Design Category: Favor Simplicity
- Видео: Design Category: Trust With Reluctance
- Видео: Design Category: Defense in Depth, Monitoring/Traceability
- Видео: Top Design Flaws
- Видео: Case Study: Very Secure FTP daemon
- Видео: Interview with Gary McGraw
- Reading: Week 5 Reading
- Видео: Static Analysis: Introduction part 2
- Видео: Flow Analysis
- Видео: Flow Analysis: Adding Sensitivity
- Видео: Context Sensitive Analysis
- Видео: Flow Analysis: Scaling it up to a Complete Language and Problem Set
- Видео: Challenges and Variations
- Видео: Introducing Symbolic Execution
- Видео: Symbolic Execution: A Little History
- Видео: Basic Symbolic Execution
- Видео: Symbolic Execution as Search, and the Rise of Solvers
- Видео: Symbolic Execution Systems
- Видео: Interview with Andy Chou
- Reading: Project 3
- Reading: Week 6 Reading
- Видео: Pen Testing
- Видео: Fuzzing
- Видео: Interview with Eric Eames
- Видео: Interview with Patrice Godefroid
Each course is like an interactive textbook, featuring pre-recorded videos, quizzes and projects.
Connect with thousands of other learners and debate ideas, discuss course material, and get help mastering concepts.
Earn official recognition for your work, and share your success with friends, colleagues, and employers.
| Приобрести курс | |
|---|---|
| Получить доступ к материалам курса | Доступен |
| Получить доступ к оцениваемым материалам курса | Доступен |
| Получить итоговую оценку | Доступен |
| Earn a shareable Course Certificate | Доступен |
the course is Good but it needs a person has highly technical skills to study the concept of the course...
i really liked the course contains and the tutting, and it was actually very beneficial for me to develop my skills in software testing thank you again
Thank you for an insightful look at the world of software security. If I were to make a suggestion it would be to include a refresher module about programming in C. I find it odd that the syllabus wouldn't include some basics on C (while assuming the student is fluid with C) and yet, the course had a couple of modules to explain the most basic of web functionalities like server and client paradigm. I think some students of this course have that kind of knowledge mastered, and would have liked a refreshment for C to have an easier time in the earlier weeks.
CL
This is an excellent introductory course to cyber security! The projects are well designed with detail instructions.