Informações sobre o curso: This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.
Desenvolvido por: University of Maryland, College Park
Ministrado por: Michael Hicks, Professor
Department of Computer Science
| Informações básicas | Curso 2 de 5 no Cybersecurity Specialization |
| Compromisso | 6 weeks of study, 3-5 hours/week |
| Idioma | English, Legendas: Korean |
| Como ser aprovado | Seja aprovado em todas as tarefas para concluir o curso. |
| Classificação do usuário |
Programa
SEMANA 1
OVERVIEW
Overview and expectations of the course
3 videos, 4 readings, 1 practice quiz
- 阅读: Introductory Reading
- 阅读: Syllabus
- Vídeo: What is software security?
- Vídeo: Tour of the course and expected background
- 练习测验: Qualifying Quiz
- 阅读: FAQ and Errata
- 阅读: Glossary
LOW-LEVEL SECURITY
Low-level security: Attacks and exploits
6 videos, 2 readings
- 阅读: Week 1 Reading
- Vídeo: Memory Layout
- Vídeo: Buffer Overflow
- Vídeo: Code Injection
- Vídeo: Other Memory Exploits
- Vídeo: Format String Vulnerabilities
- 阅读: Project 1
Nota atribuída: Week 1 quiz
Nota atribuída: VM BOF quiz
SEMANA 2
DEFENDING AGAINST LOW-LEVEL EXPLOITS
Defending against low-level exploits
7 videos, 1 reading
- 阅读: Week 2 Reading
- Vídeo: Memory Safety
- Vídeo: Type Safety
- Vídeo: Avoiding Exploitation
- Vídeo: Return Oriented Programming - ROP
- Vídeo: Control Flow Integrity
- Vídeo: Secure Coding
Nota atribuída: Week 2 quiz
SEMANA 3
WEB SECURITY
Web security: Attacks and defenses
10 videos, 2 readings
- 阅读: Week 3 Reading
- Vídeo: Web Basics
- Vídeo: SQL Injection
- Vídeo: SQL Injection Countermeasures
- Vídeo: Web-based State Using Hidden Fields and Cookies
- Vídeo: Session Hijacking
- Vídeo: Cross-site Request Forgery - CSRF
- Vídeo: Web 2.0
- Vídeo: Cross-site Scripting
- Vídeo: Interview with Kevin Haley
- 阅读: Project 2
Nota atribuída: BadStore quiz
Nota atribuída: Week 3 quiz
SEMANA 4
SECURE SOFTWARE DEVELOPMENT
Designing and Building Secure Software
10 videos, 1 reading
- 阅读: Week 4 Reading
- Vídeo: Threat Modeling, or Architectural Risk Analysis
- Vídeo: Security Requirements
- Vídeo: Avoiding Flaws with Principles
- Vídeo: Design Category: Favor Simplicity
- Vídeo: Design Category: Trust With Reluctance
- Vídeo: Design Category: Defense in Depth, Monitoring/Traceability
- Vídeo: Top Design Flaws
- Vídeo: Case Study: Very Secure FTP daemon
- Vídeo: Interview with Gary McGraw
Nota atribuída: Week 4 quiz
SEMANA 5
PROGRAM ANALYSIS
Static Program Analysis
13 videos, 2 readings
- 阅读: Week 5 Reading
- Vídeo: Static Analysis: Introduction part 2
- Vídeo: Flow Analysis
- Vídeo: Flow Analysis: Adding Sensitivity
- Vídeo: Context Sensitive Analysis
- Vídeo: Flow Analysis: Scaling it up to a Complete Language and Problem Set
- Vídeo: Challenges and Variations
- Vídeo: Introducing Symbolic Execution
- Vídeo: Symbolic Execution: A Little History
- Vídeo: Basic Symbolic Execution
- Vídeo: Symbolic Execution as Search, and the Rise of Solvers
- Vídeo: Symbolic Execution Systems
- Vídeo: Interview with Andy Chou
- 阅读: Project 3
Nota atribuída: Project 3 quiz
Nota atribuída: Week 5 quiz
SEMANA 6
PEN TESTING
Penetration and Fuzz Testing
5 videos, 1 reading
- 阅读: Week 6 Reading
- Vídeo: Pen Testing
- Vídeo: Fuzzing
- Vídeo: Interview with Eric Eames
- Vídeo: Interview with Patrice Godefroid
Nota atribuída: Week 6 quiz
Perguntas frequentes
Como funciona
课程作业
每门课程都像是一本互动的教科书,具有预先录制的视频、测验和项目。
来自同学的帮助
与其他成千上万的学生相联系,对想法进行辩论,讨论课程材料,并寻求帮助来掌握概念。
证书
获得正式认证的作业,并与朋友、同事和雇主分享您的成功。
Desenvolvedores
University of Maryland, College Park
The University of Maryland is the state's flagship university and one of the nation's preeminent public research universities. A global leader in research, entrepreneurship and innovation, the university is home to more than 37,000 students, 9,000 faculty and staff, and 250 academic programs. Its faculty includes three Nobel laureates, three Pulitzer Prize winners, 47 members of the national academies and scores of Fulbright scholars. The institution has a $1.8 billion operating budget, secures $500 million annually in external research funding and recently completed a $1 billion fundraising campaign.
Custo
| Comprar curso | |
|---|---|
| Acesso aos materiais do curso | Disponível |
| Acesso a materiais valendo nota | Disponível |
| Receba uma nota final | Disponível |
| Obtenha um Certificado de Curso compartilhável | Disponível |
Classificações e avaliações
O Coursera proporciona acesso universal à melhor educação do mundo fazendo parcerias com as melhores universidades e organizações para oferecer cursos on-line.
© 2018 Coursera Inc. Todos os direitos reservados.
