UW, UAB and TrustedCI logos

Introduction to Software Security

Videos by Elisa Heymann and Barton P. Miller
Text by Elisa Heymann, Loren Kohnfelder and Barton P. Miller

Contacts: elisa@cs.wisc.edu and bart@cs.wisc.edu.

© 2022 Elisa Heymann, Barton P. Miller and Loren Kohnfelder.
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Instructors: You can find the Instructors' Page with teaching information and directions to access the active learning exercises and quizzes. You will need to request access permssion from us for thse resources.

Module 1: Introduction
1.1
Welcome and Overview

Link to video Link to text chapter
1.2.1
Introduction Part 1: Basic Terminology

Link to video Link to text chapter
Closed caption English, Español
1.2.2
Introduction Part 2: Threats

Link to video Link to text chapter
Closed caption English, Español
1.2.3
Introduction Part 3: Risks and Basic Concepts

Link to video Link to text chapter
Closed caption English, Español
1.3
Thinking Like an Attacker: Owning the Bits

Link to video Link to text chapter
Closed caption English, Español
Module 2: Thinking Like a Designer
2.1
Secure Design Principles

Link to video Link to text chapter Link to hands-on exercise
2.2
Threat Modeling Overview and Goals

Link to video Link to text chapter Link to hands-on exercise
2.3
Threat Modeling Methodology

Link to video Link to text chapter Link to hands-on exercise
Module 3: Thinking Like an Programmer: Secure Programming
3.1
Pointers and Strings

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.2
Numeric Errors

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.3
Directory Traversal

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.4
Exceptions

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.5
Serialization

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.6
Privilege, Sandboxing, Environments

Link to video Link to text chapter Link to hands-on exercise
3.7
Host Name Authentication

Link to video Link to text chapter Link to hands-on exercise
3.8
Introduction to Injection Attacks

Link to video Link to text chapter
Closed caption English, Español
3.8.1
SQL Injections

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.8.2
Command Injections

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.8.3
Code Injections

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.8.4
XML Injections

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.9.1
Web Attacks:
Background

Link to video Link to text chapter
Closed caption English, Español
3.9.2
Web Attacks:
Cross Site Scripting (XSS)

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.9.3
Web Attacks:
Cross Site Request Forgery (CSRF)

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.9.4
Web Attacks:
Session Management

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.9.5
Web Attacks:
Redirection

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.10.1
Mobile: Background

Link to video Link to text chapter
Closed caption English, Español
3.10.2
Mobile: Attacks

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
Module 4: Defensive Techniques
4.1
Address Space Layout Randomization

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
4.2
Memory Safety Checks

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
4.3
Control Flow Integrity Checks

Link to video Link to text chapter Link to hands-on exercise
Module 5: Thinking Like an Analyst: In-Depth Vulnerability Assessment
5.1
Introduction to FPVA, First Principles Vulnerability Assessment

Link to video Link to text chapter
Closed caption English
5.2
FPVA Step 1: Architectural Analysis (part 1)

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.2
FPVA Step 1: Architectural Analysis (part 2)

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.3
FPVA Step 2: Resource Identification

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.4
FPVA Step 3: Trust and Privilege Analysis

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.5
FPVA Step 4: Component Analysis

Link to video Link to text chapter Link to hands-on exercise
5.6
FPVA Step 5: Dissemination of Results

Link to video Link to text chapter Link to hands-on exercise
5.7
The Manager's Point of View: Responding to a Vulnerability

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
Module 6: Thinking Like an Analyst: Automated Assessment Tools
6.1
How Static Analysis Tools Work
Part 1

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
6.2
How Static Analysis Tools Work
Part 2

Link to video Link to text chapter Link to hands-on exercise
6.3
Tools for C and C++

Link to video Link to text chapter Link to hands-on exercise
6.4
Tools for Java

Link to video Link to text chapter Link to hands-on exercise
6.5
Dependency Tools

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
6.6
Using Tools in the SWAMP

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
Module 7: Dynamic Techniques (Fuzz Testing and Other Checkers)
7.1
Introduction to Fuzz Testing

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
7.2.1
Classic Fuzz Testing
Section 1: Background

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
7.2.2
Classic Fuzz Testing
Section 2: Command Line Studies

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
7.2.3
Classic Fuzz Testing
Section 3: GUI-Based Studies

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
7.2.4
Classic Fuzz Testing
Sections 4 & 5: Other Studies, Commentary

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
7.3
Fuzz Testing with AFL

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
7.4
Memory Checking Tools

Link to video Link to text chapter Link to hands-on exercise
Supplementary Sections
Glossary of Terms
Link to text chapter


Valid HTML 4.01 Transitional
Last modified: Mon 07 Feb 2022 09:10:02 AM CST by bart