University of Maryland, College Park – Software Security
Instructor
About this Course
This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them — such as buffer overflows, SQL injection, and session hijacking — and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a “build security in” mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other “managed” program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.
Skills you will gain
Fuzz Testing
Buffer Overflow
Sql Injection
Penetration Test
Syllabus
Week 1: OVERVIEW
Overview and expectations of the course
LOW-LEVEL SECURITY
Low-level security: Attacks and exploits
Week 2: DEFENDING AGAINST LOW-LEVEL EXPLOITS
Defending against low-level exploits
Week 3: WEB SECURITY
Web security: Attacks and defenses
Week 4: SECURE SOFTWARE DEVELOPMENT
Designing and Building Secure Software
Week 5: PROGRAM ANALYSIS
Static Program Analysis
Week 6: PEN TESTING
Penetration and Fuzz Testing