Contacts: elisa@cs.wisc.edu and bart@cs.wisc.edu.
© 2025 Elisa Heymann and Barton P. Miller.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Instructors: You can find the Instructors' Page with teaching information and directions to access the active learning exercises and quizzes. You will need to request access permission from us for these resources. |
Users: This is a free and open resource for you to use to help you learn about software security. If you would like to support this effort and help us keep it up to date and expand the content, please feel free to donate $5 - $10 - $20 - $50 - or click here to donate any amount you want. |
Note about chapter numbering:
In preparation for publishing our chapters in a book, over the next year chapter
numbers will change.
The current system of module.unit will change a simple chapter number.
For example, existing Unit 5.2 will become Chapter 29.
The page style and formatting is also being updated.
During this transition, this web page will continue to organize this page using the old numbering, but some of the chapters that you access will have the new numbers. Chapters that are written in the new style will have the new chapter number in parentheses after the old one, e.g., "5.2 (29)". All new chapters will use the new number system. After we complete those chapters, we will start to move the existing units to the new chapter numbers. If you have links to individual units, then those will need to be updated. Sorry for any confusion that this causes! |
6.1 How Static Analysis Tools Work (part 1)
|
6.2 How Static Analysis Tools Work (part 2)
|
6.3 Tools for C and C++
|
6.4 Tools for Java
|
||||||||||||||||||||||||
6.5.1 Dependency Analysis Tools: Conceptual Background
|
6.5.2 Dependency Tools: How to Use the Tools
|
6.6 Using Tools in the SWAMP
|
7.1 Introduction to Fuzz Testing
|
7.2.1 Classic Fuzz Testing Section 1: Background
|
7.2.2 Classic Fuzz Testing Section 2: Command Line Studies
|
7.2.3 Classic Fuzz Testing Section 3: GUI-Based Studies
|
|||||||||||||||||||||
7.2.4 Classic Fuzz Testing Sections 4 & 5: Other Studies, Commentary
|
7.3 Fuzz Testing with AFL
|
7.4 Memory Checking Tools
|
8.1 Basic Cryptography Concepts
|
8.2 Java Crypto API Misuses and Cryptoguard
|
Glossary of Terms
|