Introduction to Software Security

Videos by Elisa Heymann and Barton P. Miller
Text by Elisa Heymann, Loren Kohnfelder and Barton P. Miller

Contacts: elisa@cs.wisc.edu and bart@cs.wisc.edu.

© 2020 Elisa Heymann, Barton P. Miller and Loren Kohnfelder. All rights reserved.

Module 1: Introduction
1.1
Welcome and Overview
Link to video Link to text chapter Link to hands-on exercise
1.2.1
Introduction Part 1: Basic Terminology
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
1.2.2
Introduction Part 2: Threats
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
1.2.3
Introduction Part 3: Risks and Basic Concepts
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
1.3
Thinking Like an Attacker: Owning the Bits
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
Module 2: Thinking Like a Designer
2.1
Secure Design Principles
Link to video Link to text chapter Link to hands-on exercise
2.2
Threat Modeling Overview and Goals
Link to video Link to text chapter Link to hands-on exercise
2.3
Threat Modeling Methodology
Link to video Link to text chapter Link to hands-on exercise
Module 3: Thinking Like an Programmer: Secure Programming
3.1
Pointers and Strings
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.2
Numeric Errors
Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.3
Directory Traversal
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.4
Exceptions
Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.5
Serialization
Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.6
Privilege, Sandboxing, Environments
Link to video Link to text chapter Link to hands-on exercise
3.7
Host Name Authentication
Link to video Link to text chapter Link to hands-on exercise
3.8
Introduction to Injection Attacks
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.8.1
SQL Injections
Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.8.2
Command Injections
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.8.3
Code Injections
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.8.4
XML Injections
Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.9.1
Web Attacks:
Background
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.9.2
Web Attacks:
Cross Site Scripting (XSS)
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.9.3
Web Attacks:
Cross Site Request Forgery (CSRF)
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.9.4
Web Attacks:
Session Management
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.9.5
Web Attacks:
Redirection
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.10.1
Mobile: Background
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.10.2
Mobile: Attacks
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
Module 4: Defensive Techniques
Module 5: Thinking Like an Analyst
5.1
Introduction to FPVA, First Principles Vulnerability Assessment
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.2
FPVA Step 1: Architectural Analysis (part 1)
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.2
FPVA Step 1: Architectural Analysis (part 2)
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.3
FPVA Step 2: Resource Identification
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.4
FPVA Step 3: Trust and Privilege Analysis
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.5
FPVA Step 4: Component Analysis
Link to video Link to text chapter Link to hands-on exercise
5.6
FPVA Step 5: Dissemination of Results
Link to video Link to text chapter Link to hands-on exercise
5.7
The Manager's Point of View: Responding to a Vulnerability
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
Module 6: Automated Assessment Tools
6.1
How Tools Work
Part 1
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
6.2
How Tools Work
Part 2
Link to video Link to text chapter Link to hands-on exercise
6.3
Tools for C and C++
Link to video Link to text chapter Link to hands-on exercise
6.4
Tools for Java
Link to video Link to text chapter Link to hands-on exercise
6.5
Using Tools in the SWAMP
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
Module 7: Dynamic Techniques (Fuzz Testing and Other Checkers)
7.1
Introduction to Fuzz Test
Link to video Link to text chapter Link to hands-on exercise
Closed caption English
7.2.1
Classic Fuzz Testing
Section 1: Background
Link to video Link to text chapter Link to hands-on exercise
7.2.2
Classic Fuzz Testing
Section 2: Command Line Studies
Link to video Link to text chapter Link to hands-on exercise
7.2.3
Classic Fuzz Testing
Section 3: GUI-Based Studies
Link to video Link to text chapter Link to hands-on exercise
7.2.4
Classic Fuzz Testing
Sections 4 & 5: Other Studies, Commentary
Link to video Link to text chapter Link to hands-on exercise
7.3
Fuzz Testing with AFL
Link to video Link to text chapter Link to hands-on exercise
Supplementary Sections
Glossary of Terms
Link to video Link to text chapter Link to hands-on exercise

Valid HTML 4.01 Transitional
Last modified: Tue Jan 26 15:27:00 CST 2021 by bart