Об этом курсе: This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.
Автор: University of Maryland, College Park
Преподаватели: Michael Hicks, Professor
Department of Computer Science
| Основные сведения | Курс 2 из 5 — Cybersecurity Specialization |
| Выполнение | 6 weeks of study, 3-5 hours/week |
| Язык | English, Субтитры: Korean |
| Как пройти курс | Чтобы пройти курс, выполните все оцениваемые задания. |
| Оценки пользователей |
Программа курса
НЕДЕЛЯ 1
OVERVIEW
Overview and expectations of the course
3 видео, 4 материала для самостоятельного изучения, 1 тренировочный тест
- Reading: Introductory Reading
- Reading: Syllabus
- Видео: What is software security?
- Видео: Tour of the course and expected background
- Practice Quiz: Qualifying Quiz
- Reading: FAQ and Errata
- Reading: Glossary
LOW-LEVEL SECURITY
Low-level security: Attacks and exploits
6 видео, 2 материала для самостоятельного изучения
- Reading: Week 1 Reading
- Видео: Memory Layout
- Видео: Buffer Overflow
- Видео: Code Injection
- Видео: Other Memory Exploits
- Видео: Format String Vulnerabilities
- Reading: Project 1
Оцениваемый: Week 1 quiz
Оцениваемый: VM BOF quiz
НЕДЕЛЯ 2
DEFENDING AGAINST LOW-LEVEL EXPLOITS
Defending against low-level exploits
7 видео, 1 материал для самостоятельного изучения
- Reading: Week 2 Reading
- Видео: Memory Safety
- Видео: Type Safety
- Видео: Avoiding Exploitation
- Видео: Return Oriented Programming - ROP
- Видео: Control Flow Integrity
- Видео: Secure Coding
Оцениваемый: Week 2 quiz
НЕДЕЛЯ 3
WEB SECURITY
Web security: Attacks and defenses
10 видео, 2 материала для самостоятельного изучения
- Reading: Week 3 Reading
- Видео: Web Basics
- Видео: SQL Injection
- Видео: SQL Injection Countermeasures
- Видео: Web-based State Using Hidden Fields and Cookies
- Видео: Session Hijacking
- Видео: Cross-site Request Forgery - CSRF
- Видео: Web 2.0
- Видео: Cross-site Scripting
- Видео: Interview with Kevin Haley
- Reading: Project 2
Оцениваемый: BadStore quiz
Оцениваемый: Week 3 quiz
НЕДЕЛЯ 4
SECURE SOFTWARE DEVELOPMENT
Designing and Building Secure Software
10 видео, 1 материал для самостоятельного изучения
- Reading: Week 4 Reading
- Видео: Threat Modeling, or Architectural Risk Analysis
- Видео: Security Requirements
- Видео: Avoiding Flaws with Principles
- Видео: Design Category: Favor Simplicity
- Видео: Design Category: Trust With Reluctance
- Видео: Design Category: Defense in Depth, Monitoring/Traceability
- Видео: Top Design Flaws
- Видео: Case Study: Very Secure FTP daemon
- Видео: Interview with Gary McGraw
Оцениваемый: Week 4 quiz
НЕДЕЛЯ 5
PROGRAM ANALYSIS
Static Program Analysis
13 видео, 2 материала для самостоятельного изучения
- Reading: Week 5 Reading
- Видео: Static Analysis: Introduction part 2
- Видео: Flow Analysis
- Видео: Flow Analysis: Adding Sensitivity
- Видео: Context Sensitive Analysis
- Видео: Flow Analysis: Scaling it up to a Complete Language and Problem Set
- Видео: Challenges and Variations
- Видео: Introducing Symbolic Execution
- Видео: Symbolic Execution: A Little History
- Видео: Basic Symbolic Execution
- Видео: Symbolic Execution as Search, and the Rise of Solvers
- Видео: Symbolic Execution Systems
- Видео: Interview with Andy Chou
- Reading: Project 3
Оцениваемый: Project 3 quiz
Оцениваемый: Week 5 quiz
НЕДЕЛЯ 6
PEN TESTING
Penetration and Fuzz Testing
5 видео, 1 материал для самостоятельного изучения
- Reading: Week 6 Reading
- Видео: Pen Testing
- Видео: Fuzzing
- Видео: Interview with Eric Eames
- Видео: Interview with Patrice Godefroid
Оцениваемый: Week 6 quiz
Часто задаваемые вопросы
Как это работает
Coursework
Each course is like an interactive textbook, featuring pre-recorded videos, quizzes and projects.
Help from Your Peers
Connect with thousands of other learners and debate ideas, discuss course material, and get help mastering concepts.
Certificates
Earn official recognition for your work, and share your success with friends, colleagues, and employers.
Авторы
University of Maryland, College Park
The University of Maryland is the state's flagship university and one of the nation's preeminent public research universities. A global leader in research, entrepreneurship and innovation, the university is home to more than 37,000 students, 9,000 faculty and staff, and 250 academic programs. Its faculty includes three Nobel laureates, three Pulitzer Prize winners, 47 members of the national academies and scores of Fulbright scholars. The institution has a $1.8 billion operating budget, secures $500 million annually in external research funding and recently completed a $1 billion fundraising campaign.
Стоимость
| Приобрести курс | |
|---|---|
| Получить доступ к материалам курса | Доступен |
| Получить доступ к оцениваемым материалам курса | Доступен |
| Получить итоговую оценку | Доступен |
| Получите сертификат о прохождении курса, ссылкой на который можно делиться с другими людьми | Доступен |
Рейтинги и отзывы
Excellent. Was able to review the course and catch up my peers in a security course.
It's a great a course but if there any lab practice like CTF will be great
It has been a challenge studying this course. I definitely learned a lot
Coursera делает лучшее в мире образование доступным каждому, предлагая онлайн-курсы от ведущих университетов и организаций.
© Coursera Inc., 2018 Все права защищены.
h
The course is impressively well-structured and organised. When I came to know about MIT's OCW's Computer Security course, I was eagerly hoping it gets included in as a Mooc. After taking this course, I believe it's on the same par.
Software Security is intended for a more advanced audience compared to usable security. Mainly, those who have some modest experience with programming and are aiming to apply security designs and implementations to their code. Moreover, it gives you a good idea, backed up with labs, about security in domains like web application, low-level systems, penetration testing, etc, good enough for someone to choose which one to pursue a career in.