Software Security

Provider rating: 7.2. Coursera (CC) has an average rating of 7.2 (out of 6 reviews).


Description

When you enroll for courses through Coursera, you can choose between a paid plan and a free plan:

  • Free plan: No certification and/or audit only. You will have access to all course materials except graded items.
  • Paid plan: Commit to earning a Certificate—it's a trusted, shareable way to showcase your new skills.



About this course: In this course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" programming language (like ML or Java), and have prior exposure to algorithms. Students who are not familiar with these languages but know others can improve their skills through online web tutorials.

Created by: University of Maryland, College Park

  • Taught by: Michael Hicks, Professor, Department of Computer Science

Basic Info

  • Course 2 of 5 in the Cybersecurity Specialization
  • Commitment: 6 weeks of study, 3-5 hours/week
  • Language: English, Subtitles: Korean
  • How To Pass: Pass all graded assignments to complete the course.
  • User Ratings: Average User Rating 4.6 stars

Coursework

Each course is like an interactive textbook, featuring pre-recorded videos, quizzes and projects.

Help from your peers

Connect with thousands of other learners and debate ideas, discuss course material, and get help mastering concepts.

Certificates

Earn official recognition for your work, and share your success with friends, colleagues, and employers.

University of Maryland, College Park

The University of Maryland is the state's flagship university and one of the nation's preeminent public research universities. A global leader in research, entrepreneurship and innovation, the university is home to more than 37,000 students, 9,000 faculty and staff, and 250 academic programs. Its faculty includes three Nobel laureates, three Pulitzer Prize winners, 47 members of the national academies and scores of Fulbright scholars. The institution has a $1.8 billion operating budget, secures $500 million annually in external research funding and recently completed a $1 billion fundraising campaign.

Syllabus


WEEK 1


OVERVIEW
Overview and expectations of the course


3 videos, 4 readings, 1 practice quiz


  1. Reading: Introductory Reading
  2. Reading: Syllabus
  3. Video: Introducing Computer Security
  4. Video: What is software security?
  5. Video: Tour of the course and expected background
  6. Practice Quiz: Qualifying Quiz
  7. Reading: FAQ and Errata
  8. Reading: Glossary


LOW-LEVEL SECURITY
Low-level security: Attacks and exploits


6 videos, 2 readings


  1. Reading: Week 1 Reading
  2. Video: Low Level Security: Introduction
  3. Video: Memory Layout
  4. Video: Buffer Overflow
  5. Video: Code Injection
  6. Video: Other Memory Exploits
  7. Video: Format String Vulnerabilities
  8. Reading: Project 1

Graded: Week 1 quiz
Graded: VM BOF quiz

WEEK 2


DEFENDING AGAINST LOW-LEVEL EXPLOITS
Defending against low-level exploits


7 videos, 1 reading


  1. Reading: Week 2 Reading
  2. Video: Defenses Against Low-Level Attacks: Introduction
  3. Video: Memory Safety
  4. Video: Type Safety
  5. Video: Avoiding Exploitation
  6. Video: Return Oriented Programming - ROP
  7. Video: Control Flow Integrity
  8. Video: Secure Coding

Graded: Week 2 quiz

WEEK 3


WEB SECURITY
Web security: Attacks and defenses


10 videos, 2 readings


  1. Reading: Week 3 Reading
  2. Video: Security for the Web: Introduction
  3. Video: Web Basics
  4. Video: SQL Injection
  5. Video: SQL Injection Countermeasures
  6. Video: Web-based State Using Hidden Fields and Cookies
  7. Video: Session Hijacking
  8. Video: Cross-site Request Forgery - CSRF
  9. Video: Web 2.0
  10. Video: Cross-site Scripting
  11. Video: Interview with Kevin Haley
  12. Reading: Project 2

Graded: BadStore quiz
Graded: Week 3 quiz

WEEK 4


SECURE SOFTWARE DEVELOPMENT
Designing and Building Secure Software


10 videos, 1 reading


  1. Reading: Week 4 Reading
  2. Video: Designing and Building Secure Software: Introduction
  3. Video: Threat Modeling, or Architectural Risk Analysis
  4. Video: Security Requirements
  5. Video: Avoiding Flaws with Principles
  6. Video: Design Category: Favor Simplicity
  7. Video: Design Category: Trust With Reluctance
  8. Video: Design Category: Defense in Depth, Monitoring/Traceability
  9. Video: Top Design Flaws
  10. Video: Case Study: Very Secure FTP daemon
  11. Video: Interview with Gary McGraw

Graded: Week 4 quiz

WEEK 5


PROGRAM ANALYSIS
Static Program Analysis


13 videos, 2 readings


  1. Reading: Week 5 Reading
  2. Video: Static Analysis: Introduction part 1
  3. Video: Static Analysis: Introduction part 2
  4. Video: Flow Analysis
  5. Video: Flow Analysis: Adding Sensitivity
  6. Video: Context Sensitive Analysis
  7. Video: Flow Analysis: Scaling it up to a Complete Language and Problem Set
  8. Video: Challenges and Variations
  9. Video: Introducing Symbolic Execution
  10. Video: Symbolic Execution: A Little History
  11. Video: Basic Symbolic Execution
  12. Video: Symbolic Execution as Search, and the Rise of Solvers
  13. Video: Symbolic Execution Systems
  14. Video: Interview with Andy Chou
  15. Reading: Project 3

Graded: Project 3 quiz
Graded: Week 5 quiz

WEEK 6


PEN TESTING
Penetration and Fuzz Testing


5 videos, 1 reading


  1. Reading: Week 6 Reading
  2. Video: Penetration Testing: Introduction
  3. Video: Pen Testing
  4. Video: Fuzzing
  5. Video: Interview with Eric Eames
  6. Video: Interview with Patrice Godefroid

Graded: Week 6 quiz