Secure Application Programming, Fall 2020

Internet security has become part of everyday life where security problems impact practical aspects of our lives. Even though there is a considerable corpus of knowledge about tools and techniques to protect systems, information about what are the actual vulnerabilities and how they are exploited is not generally available. This situation hampers the effectiveness of security research and practice. Understanding the details of attacks is a prerequisite for the design and implementation of secure systems. The course goals are the following:

  • Provide a solid understanding systems security principles
  • Study common programming, configuration, and design mistakes in various software domains and levels of the software stack
  • Understand approaches for detecting the presence of vulnerabilities during development and deployment
  • Gain hands-on experience in attacking and defending vulnerable software systems

Topics covered by this course include:

  • Operating system security and vulnerability
  • Threat Modeling, Infection Vectors
  • Stack and heap overflows
  • Memory corruption
  • Reverse engineering and binary analysis
  • Static and dynamic analysis
  • Malicious code (Ransomware, Botnet, APTs, Botnets)
  • Programming language security
  • Software penetration testing
  • Web Security
More »

Fundamentals of Cybersecurity, Summer 2020

Major security breaches routinely make headline news and impact the lives of millions of people. Cybercrime is a multi-million dollar, mature business. Advanced, persistent threats posed by nation-state adversaries are beginning to impact critical infrastructure, and even democratic processes themselves. As technology becomes embedded in ever more facets of our lives, society, business, and government, the need for cybersecurity experts to protect our infrastructure grows. The course goals are the following:

  • Provide a solid understanding of the core cybersecurity principles and concepts, including systems and communication security
  • Introduce the breadth of topics in the cybersecurity space
  • Provide hands-on experience in achieving essential security properties like confidentiality and integrity, as well as desirable properties like least privilege and defense in depth

Topics covered by this course include:

  • Security foundations
  • Authentication and Access Control
  • Access Control
  • Social Engineering
  • System Security
  • Web security
  • Threat Modeling, Infection Vectors
  • DDoS, Malware
More »