Software Security
University of Maryland, College Park via Coursera
-
12.4k
-
- Write review
This course may be unavailable.
Overview
This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.
Syllabus
- OVERVIEW
- Overview and expectations of the course
- LOW-LEVEL SECURITY
- Low-level security: Attacks and exploits
- DEFENDING AGAINST LOW-LEVEL EXPLOITS
- Defending against low-level exploits
- WEB SECURITY
- Web security: Attacks and defenses
- SECURE SOFTWARE DEVELOPMENT
- Designing and Building Secure Software
- PROGRAM ANALYSIS
- Static Program Analysis
- PEN TESTING
- Penetration and Fuzz Testing
Taught by
Michael Hicks
Tags
Reviews
4.1 rating, based on 24 Class Central reviews
4.7 rating at Coursera based on 1621 ratings
Showing Class Central Sort
-
The first part covers buffer overflows and related memory attacks. Buffer overflows are really well explained, but the quiz and programming project can be difficult if you don't know C. Next there was a section on web security, like SQL injection, X…
-
Challenging course, goes beyond most security MOOC's by incorporating projects that have the student analyze and exploit test code. Some of the most detailed explanations of overflows i have seen in online learning.
Need a strong background in C and Assembly to be successful in at least the first half.
Dropped about halfway thru only because it was the same material I took in my Stanford security program.
-
Very interesting material for introducing on security applied to software. The course is structured around three major blocks, each roughly two weeks from the syllabus. Each block includes a related lab project and interviews with professionals are provided on some units.
The course requires prior knowledge of C, memory management and UNIX. Some concepts about assembler, compiler and similar are advisable. The learning curve may be somewhat steep in the first weeks; thus I'd stress brushing up the aforementioned requirements. -
The course was kinda tough and the explaination was also not up to the mark. It would have been better if things were explained right from the beginners level and in a more simplier way. Thank you!
-
The first two week material is too hard to absorb. Some more coding examples with detail explaination may be added in lectures. The other option could be adding couple of week contents on crash review of C/C++ language like strings, pointers, structures and relevant material.
-
The videos are engaging and include interviews with people working in the field. The topics are well separated and the practical tasks are quite fun, and eye-opening: First you hack a C program into running code it shouldn't, secondly you have to break into a website, and in the third you try fuzzy testing, all in prepared virtual machines.
I highly recommend it. -
Like someone else wrote, the first two week material is too hard to absorb. Some more coding examples with detail explanation may be added in lectures. The other option could be adding couple of week contents on crash review of C/C++ language like strings, pointers, structures and relevant material.
I agree with this entire content. -
This course is very important for my profession about engineer system. The application is very important against malicious programs. Thanks you by shared.
-
This was wayyyyy too hard. The course wasn't explained well at all and assumed you're an expert. I recommend advertising it better!
-
All I learned was how to use big words with little to no context. What a joke! I dropped the course in the 2nd week!
-
I highly recommend this course. The covered subjects are really interesting, and the instructor is a great teacher. He goes quite in-depth also and explains the history and state of the art of each subject, which make it much easier to understand.
The first two assessments were also extremely interesting. The 3rd one was more straightforward but still interesting. -
-
-
-
-
-
-
-