Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

University of Maryland, College Park

Software Security

University of Maryland, College Park via Coursera

This course may be unavailable.

Overview

This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.

Syllabus

  • OVERVIEW
    • Overview and expectations of the course
  • LOW-LEVEL SECURITY
    • Low-level security: Attacks and exploits
  • DEFENDING AGAINST LOW-LEVEL EXPLOITS
    • Defending against low-level exploits
  • WEB SECURITY
    • Web security: Attacks and defenses
  • SECURE SOFTWARE DEVELOPMENT
    • Designing and Building Secure Software
  • PROGRAM ANALYSIS
    • Static Program Analysis
  • PEN TESTING
    • Penetration and Fuzz Testing

Taught by

Michael Hicks

Reviews

4.1 rating, based on 24 Class Central reviews

4.7 rating at Coursera based on 1621 ratings

Start your review of Software Security

  • The first part covers buffer overflows and related memory attacks. Buffer overflows are really well explained, but the quiz and programming project can be difficult if you don't know C. Next there was a section on web security, like SQL injection, X…
  • Challenging course, goes beyond most security MOOC's by incorporating projects that have the student analyze and exploit test code. Some of the most detailed explanations of overflows i have seen in online learning.

    Need a strong background in C and Assembly to be successful in at least the first half.

    Dropped about halfway thru only because it was the same material I took in my Stanford security program.
  • Very interesting material for introducing on security applied to software. The course is structured around three major blocks, each roughly two weeks from the syllabus. Each block includes a related lab project and interviews with professionals are provided on some units.
    The course requires prior knowledge of C, memory management and UNIX. Some concepts about assembler, compiler and similar are advisable. The learning curve may be somewhat steep in the first weeks; thus I'd stress brushing up the aforementioned requirements.
  • Anonymous
    The course was kinda tough and the explaination was also not up to the mark. It would have been better if things were explained right from the beginners level and in a more simplier way. Thank you!
  • Anonymous
    The first two week material is too hard to absorb. Some more coding examples with detail explaination may be added in lectures. The other option could be adding couple of week contents on crash review of C/C++ language like strings, pointers, structures and relevant material.
  • Mariano
    The videos are engaging and include interviews with people working in the field. The topics are well separated and the practical tasks are quite fun, and eye-opening: First you hack a C program into running code it shouldn't, secondly you have to break into a website, and in the third you try fuzzy testing, all in prepared virtual machines.
    I highly recommend it.
  • JDmrs
    Like someone else wrote, the first two week material is too hard to absorb. Some more coding examples with detail explanation may be added in lectures. The other option could be adding couple of week contents on crash review of C/C++ language like strings, pointers, structures and relevant material.
    I agree with this entire content.
  • This course is very important for my profession about engineer system. The application is very important against malicious programs. Thanks you by shared.
  • Anonymous
    This was wayyyyy too hard. The course wasn't explained well at all and assumed you're an expert. I recommend advertising it better!
  • Anonymous
    All I learned was how to use big words with little to no context. What a joke! I dropped the course in the 2nd week!
  • Thomas D
    I highly recommend this course. The covered subjects are really interesting, and the instructor is a great teacher. He goes quite in-depth also and explains the history and state of the art of each subject, which make it much easier to understand.

    The first two assessments were also extremely interesting. The 3rd one was more straightforward but still interesting.
  • Lim
  • Anonymous
  • Ricardo Buitrago
  • Cristian
  • Maria Del Pilar
  • Peter Mosoni
  • Amaan Cheval
  • Klaas Naaijkens

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.