Introduction to Software Security

Videos by Elisa Heymann and Barton P. Miller
Text by Elisa Heymann, Loren Kohnfelder and Barton P. Miller

Contacts: elisa@cs.wisc.edu and bart@cs.wisc.edu.

© 2020 Elisa Heymann, Barton P. Miller and Loren Kohnfelder. All rights reserved.
Instructors may link to this page and students are free to use these resources for their personal use.

Module 1: Introduction
1.1
Welcome and Overview
Link to video Link to text chapter Link to hands-on exercise
1.2.1
Introduction Part 1: Basic Terminology
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
1.2.2
Introduction Part 2: Threats
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
1.2.3
Introduction Part 3: Risks and Basic Concepts
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
1.3
Thinking Like an Attacker: Owning the Bits
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
Module 2: Thinking Like a Designer
2.1
Secure Design Principles
Link to video Link to text chapter Link to hands-on exercise
2.2
Threat Modeling Overview and Goals
Link to video Link to text chapter Link to hands-on exercise
2.3
Threat Modeling Methodology
Link to video Link to text chapter Link to hands-on exercise
Module 3: Thinking Like an Programmer: Secure Programming
3.1
Pointers and Strings
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.2
Numeric Errors
Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.3
Directory Traversal
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.4
Exceptions
Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.5
Serialization
Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.6
Privilege, Sandboxing, Environments
Link to video Link to text chapter Link to hands-on exercise
3.7
Host Name Authentication
Link to video Link to text chapter Link to hands-on exercise
3.8
Introduction to Injection Attacks
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.8.1
SQL Injections
Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.8.2
Command Injections
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.8.3
Code Injections
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.8.4
XML Injections
Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.9.1
Web Attacks:
Background
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.9.2
Web Attacks:
Cross Site Scripting (XSS)
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.9.3
Web Attacks:
Cross Site Request Forgery (CSRF)
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.9.4
Web Attacks:
Session Management
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.9.5
Web Attacks:
Redirection
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.10.1
Mobile: Background
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.10.2
Mobile: Attacks
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
Module 4: Defensive Techniques
4.1
Address Space Layout Randomization
Link to video Link to text chapter Link to hands-on exercise
4.2
Stack Canaries and Heap Guards
Link to video Link to text chapter Link to hands-on exercise
Module 5: Thinking Like an Analyst
5.1
Introduction to FPVA, First Principles Vulnerability Assessment
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.2
FPVA Step 1: Architectural Analysis (part 1)
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.2
FPVA Step 1: Architectural Analysis (part 2)
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.3
FPVA Step 2: Resource Identification
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.4
FPVA Step 3: Trust and Privilege Analysis
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.5
FPVA Step 4: Component Analysis
Link to video Link to text chapter Link to hands-on exercise
5.6
FPVA Step 5: Dissemination of Results
Link to video Link to text chapter Link to hands-on exercise
5.7
The Manager's Point of View: Responding to a Vulnerability
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
Module 6: Automated Assessment Tools
6.1
How Tools Work
Part 1
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
6.2
How Tools Work
Part 2
Link to video Link to text chapter Link to hands-on exercise
6.3
Tools for C and C++
Link to video Link to text chapter Link to hands-on exercise
6.4
Tools for Java
Link to video Link to text chapter Link to hands-on exercise
6.5
Using Tools in the SWAMP
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
Module 7: Dynamic Techniques (Fuzz Testing and Other Checkers)
7.1
Introduction to Fuzz Testing
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
7.2.1
Classic Fuzz Testing
Section 1: Background
Link to video Link to text chapter Link to hands-on exercise
7.2.2
Classic Fuzz Testing
Section 2: Command Line Studies
Link to video Link to text chapter Link to hands-on exercise
7.2.3
Classic Fuzz Testing
Section 3: GUI-Based Studies
Link to video Link to text chapter Link to hands-on exercise
7.2.4
Classic Fuzz Testing
Sections 4 & 5: Other Studies, Commentary
Link to video Link to text chapter Link to hands-on exercise
7.3
Fuzz Testing with AFL
Link to video Link to text chapter Link to hands-on exercise
7.4
Memory Checking Tools
Link to video Link to text chapter Link to hands-on exercise
Supplementary Sections
Glossary of Terms
Link to video Link to text chapter Link to hands-on exercise

Valid HTML 4.01 Transitional
Last modified: Fri Feb 5 11:59:27 CST 2021 by bart