Software Security

This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.

• OVERVIEW
• Overview and expectations of the course
• LOW-LEVEL SECURITY
• Low-level security: Attacks and exploits
  
• DEFENDING AGAINST LOW-LEVEL EXPLOITS
• Defending against low-level exploits
• WEB SECURITY
• Web security: Attacks and defenses
• SECURE SOFTWARE DEVELOPMENT
• Designing and Building Secure Software
• PROGRAM ANALYSIS
• Static Program Analysis
• PEN TESTING
• Penetration and Fuzz Testing