Introduction to Software Security

Videos by Elisa Heymann and Barton P. Miller
Text by Elisa Heymann, Loren Kohnfelder and Barton P. Miller

Contacts: elisa@cs.wisc.edu and bart@cs.wisc.edu.

© 2020 Elisa Heymann, Barton P. Miller and Loren Kohnfelder. All rights reserved.

Module 1: Introduction
1.1
Welcome and Overview

Link to video Link to text chapter Link to hands-on exercise
1.2.1
Introduction Part 1: Basic Terminology

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
1.2.2
Introduction Part 2: Threats

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
1.2.3
Introduction Part 3: Risks and Basic Concepts

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
1.3
Thinking Like an Attacker: Owning the Bits

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
Module 2: Thinking Like a Designer
2.1
Secure Design Principles

Link to video Link to text chapter Link to hands-on exercise
2.2
Threat Modeling Overview and Goals

Link to video Link to text chapter Link to hands-on exercise
2.3
Threat Modeling Methodology

Link to video Link to text chapter Link to hands-on exercise
Module 3: Thinking Like a Programmer: Secure Programming
3.1
Pointers and Strings

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.2
Numeric Errors

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.3
Directory Traversal

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.4
Exceptions

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.5
Serialization

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.6
Privilege, Sandboxing, Environments

Link to video Link to text chapter Link to hands-on exercise
3.7
Host Name Authentication

Link to video Link to text chapter Link to hands-on exercise
3.8
Introduction to Injection Attacks

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.8.1
SQL Injections

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.8.2
Command Injections

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.8.3
Code Injections

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.8.4
XML Injections

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.9.1
Web Attacks: Background

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.9.2
Web Attacks: Cross Site Scripting (XSS)

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.9.3
Web Attacks: Cross Site Request Forgery (CSRF)

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.9.4
Web Attacks: Session Management

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.9.5
Web Attacks: Redirection

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.10.1
Mobile: Background

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.10.2
Mobile: Attacks

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
Module 4: Defensive Techniques
Module 5: Thinking Like an Analyst
5.1
Introduction to FPVA, First Principles Vulnerability Assessment

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.2
FPVA Step 1: Architectural Analysis (part 1)

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.2
FPVA Step 1: Architectural Analysis (part 2)

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.3
FPVA Step 2: Resource Identification

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.4
FPVA Step 3: Trust and Privilege Analysis

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.5
FPVA Step 4: Component Analysis

Link to video Link to text chapter Link to hands-on exercise
5.6
FPVA Step 5: Dissemination of Results

Link to video Link to text chapter Link to hands-on exercise
5.7
The Manager's Point of View: Responding to a Vulnerability

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
Module 6: Automated Assessment Tools
6.1
How Tools Work Part 1

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
6.2
How Tools Work Part 2

Link to video Link to text chapter Link to hands-on exercise
6.3
Tools for C and C++

Link to video Link to text chapter Link to hands-on exercise
6.4
Tools for Java

Link to video Link to text chapter Link to hands-on exercise
6.5
Using Tools in the SWAMP

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
Module 7: Dynamic Techniques (Fuzz Testing and Other Checkers)
7.1
Introduction to Fuzz Test

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
7.2.1
Classic Fuzz Testing Section 1: Background

Link to video Link to text chapter Link to hands-on exercise
7.2.2
Classic Fuzz Testing Section 2: Command Line Studies

Link to video Link to text chapter Link to hands-on exercise
7.2.3
Classic Fuzz Testing Section 3: GUI-Based Studies

Link to video Link to text chapter Link to hands-on exercise
7.2.4
Classic Fuzz Testing Sections 4 & 5: Other Studies, Commentary

Link to video Link to text chapter Link to hands-on exercise
7.3
Fuzz Testing with AFL

Link to video Link to text chapter Link to hands-on exercise
Supplementary Sections
Glossary of Terms
Link to video Link to text chapter Link to hands-on exercise

Last modified: Tue Jan 26 15:27:00 CST 2021 by bart