About this course: This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.
Created by: University of Maryland, College Park
Taught by: Michael Hicks, Professor
Department of Computer Science
| Basic Info | Course 2 of 5 in the Cybersecurity Specialization |
| Commitment | 6 weeks of study, 3-5 hours/week |
| Language | English, Subtitles: Korean |
| How To Pass | Pass all graded assignments to complete the course. |
| User Ratings |
Syllabus
WEEK 1
OVERVIEW
Overview and expectations of the course
3 videos, 4 readings, 1 practice quiz
- Reading: Introductory Reading
- Reading: Syllabus
- Video: Introducing Computer Security
- Video: What is software security?
- Video: Tour of the course and expected background
- Practice Quiz: Qualifying Quiz
- Reading: FAQ and Errata
- Reading: Glossary
LOW-LEVEL SECURITY
Low-level security: Attacks and exploits
6 videos, 2 readings
- Reading: Week 1 Reading
- Video: Low Level Security: Introduction
- Video: Memory Layout
- Video: Buffer Overflow
- Video: Code Injection
- Video: Other Memory Exploits
- Video: Format String Vulnerabilities
- Reading: Project 1
Graded: Week 1 quiz
Graded: VM BOF quiz
WEEK 2
DEFENDING AGAINST LOW-LEVEL EXPLOITS
Defending against low-level exploits
7 videos, 1 reading
- Reading: Week 2 Reading
- Video: Defenses Against Low-Level Attacks: Introduction
- Video: Memory Safety
- Video: Type Safety
- Video: Avoiding Exploitation
- Video: Return Oriented Programming - ROP
- Video: Control Flow Integrity
- Video: Secure Coding
Graded: Week 2 quiz
WEEK 3
WEB SECURITY
Web security: Attacks and defenses
10 videos, 2 readings
- Reading: Week 3 Reading
- Video: Security for the Web: Introduction
- Video: Web Basics
- Video: SQL Injection
- Video: SQL Injection Countermeasures
- Video: Web-based State Using Hidden Fields and Cookies
- Video: Session Hijacking
- Video: Cross-site Request Forgery - CSRF
- Video: Web 2.0
- Video: Cross-site Scripting
- Video: Interview with Kevin Haley
- Reading: Project 2
Graded: BadStore quiz
Graded: Week 3 quiz
WEEK 4
SECURE SOFTWARE DEVELOPMENT
Designing and Building Secure Software
10 videos, 1 reading
- Reading: Week 4 Reading
- Video: Designing and Building Secure Software: Introduction
- Video: Threat Modeling, or Architectural Risk Analysis
- Video: Security Requirements
- Video: Avoiding Flaws with Principles
- Video: Design Category: Favor Simplicity
- Video: Design Category: Trust With Reluctance
- Video: Design Category: Defense in Depth, Monitoring/Traceability
- Video: Top Design Flaws
- Video: Case Study: Very Secure FTP daemon
- Video: Interview with Gary McGraw
Graded: Week 4 quiz
WEEK 5
PROGRAM ANALYSIS
Static Program Analysis
13 videos, 2 readings
- Reading: Week 5 Reading
- Video: Static Analysis: Introduction part 1
- Video: Static Analysis: Introduction part 2
- Video: Flow Analysis
- Video: Flow Analysis: Adding Sensitivity
- Video: Context Sensitive Analysis
- Video: Flow Analysis: Scaling it up to a Complete Language and Problem Set
- Video: Challenges and Variations
- Video: Introducing Symbolic Execution
- Video: Symbolic Execution: A Little History
- Video: Basic Symbolic Execution
- Video: Symbolic Execution as Search, and the Rise of Solvers
- Video: Symbolic Execution Systems
- Video: Interview with Andy Chou
- Reading: Project 3
Graded: Project 3 quiz
Graded: Week 5 quiz
WEEK 6
PEN TESTING
Penetration and Fuzz Testing
5 videos, 1 reading
- Reading: Week 6 Reading
- Video: Penetration Testing: Introduction
- Video: Pen Testing
- Video: Fuzzing
- Video: Interview with Eric Eames
- Video: Interview with Patrice Godefroid
Graded: Week 6 quiz
FAQs
How It Works
Coursework
Each course is like an interactive textbook, featuring pre-recorded videos, quizzes and projects.
Help from Your Peers
Connect with thousands of other learners and debate ideas, discuss course material, and get help mastering concepts.
Certificates
Earn official recognition for your work, and share your success with friends, colleagues, and employers.
Creators
University of Maryland, College Park
The University of Maryland is the state's flagship university and one of the nation's preeminent public research universities. A global leader in research, entrepreneurship and innovation, the university is home to more than 37,000 students, 9,000 faculty and staff, and 250 academic programs. Its faculty includes three Nobel laureates, three Pulitzer Prize winners, 47 members of the national academies and scores of Fulbright scholars. The institution has a $1.8 billion operating budget, secures $500 million annually in external research funding and recently completed a $1 billion fundraising campaign.
Pricing
| Audit | Purchase Course | |
|---|---|---|
| Access to course materials | Available | Available |
| Access to graded materials | Not available | Available |
| Receive a final grade | Not available | Available |
| Earn a shareable Course Certificate | Not available | Available |
Ratings and Reviews
The course was really challenging. I would definitely recommend it for my friends.
Enjoyed the course, would have liked to have in video questions for all videos. I think they stopped after week 4 . I would also have liked to see more projects or more depth to the last project.
Great course.
Unfortunately it is already a few years old, so some of the facts are outdated.
Coursera provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online.
© 2017 Coursera Inc. All rights reserved.
TY
Great Course. I like that it offered the interviews at the end of each lesson. I didn't know anything about the style of fuzzing or pen testing prior to taking this course. I need to delve into the learning hands