© 2019 Elisa Heymann, Barton P. Miller and Loren Kohnfelder. All rights reserved.
|
Module 1: Introduction
|
1.1
Welcome and Overview
|
1.2.1
Introduction Part 1: Basic Terminology
|
1.2.2
Introduction Part 2: Threats
|
1.2.3
Introduction Part 3: Risks and Basic Concepts
|
|
1.3
Thinking Like an Attacker: Owning the Bits
|
|
|
|
|
|
Module 2: Thinking Like a Designer
|
|
Module 3: Thinking Like an Programmer: Secure Programming
|
3.1
Pointers and Strings
|
3.2
Numeric Errors
|
3.3
Directory Traversal
|
3.4
Exceptions
|
3.5
Serialization
|
3.6
Privilege, Sandboxing, Environments
|
3.7
DNS Attacks
|
3.8
Introduction to Injection Attacks
|
3.8.1
SQL Injections
|
3.8.2
Command Injections
|
3.8.3
Code Injections
|
3.8.4
XML Injections
|
3.9.1
Web Attacks:
Cross Site Mechanisms
|
3.9.2
Web Attacks:
Session Hijacking and Open Redirect
|
3.10.1
Mobile: Background
|
3.10.2
Mobile: Attacks
|
|
|
Module 4: Defensive Techniques
|
|
Module 5: Thinking Like an Analyst
|
5.1
Introduction to First Principles Vulnerability Assessment (FPVA)
|
5.2
FPVA Step 1: Architectural Anaysis
|
5.3
FPVA Step 2: Resource Identification
|
5.4
FPVA Step 3: Trust and Privilege Analysis
|
5.5
FPVA Step 4: Component Analysis
|
5.6
FPVA Step 4: Dissemination of Results
|
5.7
The Manager's Point of View: Responding to a Vulnerability
|
|
|
|
Module 6: Automated Assessment Tools
|
6.1
How Tools Work
Part 1
|
6.2
How Tools Work
Part 2
|
6.3
Tools for C and C++
|
6.4
Tools for Java
|
6.5
Using Tools in the SWAMP
|
|
|
|
|
|
Module 7: Dynamic Techniques (Fuzz Testing and Other Checkers)
|
English