Introduction to Software Security

Videos by Elisa Heymann and Barton P. Miller
Text by Elisa Heymann, Loren Kohnfelder and Barton P. Miller

Contacts: elisa@cs.wisc.edu and bart@cs.wisc.edu.

© 2019 Elisa Heymann, Barton P. Miller and Loren Kohnfelder. All rights reserved.

Module 1: Introduction
1.1
Welcome and Overview

Link to video Link to text chapter Link to hands-on exercise
1.2.1
Introduction Part 1: Basic Terminology

Link to video Link to text chapter Link to hands-on exercise
1.2.2
Introduction Part 2: Threats

Link to video Link to text chapter Link to hands-on exercise
1.2.3
Introduction Part 3: Risks and Basic Concepts

Link to video Link to text chapter Link to hands-on exercise
1.3
Thinking Like an Attacker: Owning the Bits

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
Module 2: Thinking Like a Designer
2.1
Secure Design Principles

Link to video Link to text chapter Link to hands-on exercise
2.2
Threat Modeling Overview and Goals

Link to video Link to text chapter Link to hands-on exercise
2.3
Threat Modeling Methodology

Link to video Link to text chapter Link to hands-on exercise
Module 3: Thinking Like a Programmer: Secure Programming
3.1
Pointers and Strings

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.2
Numeric Errors

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.3
Directory Traversal

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.4
Exceptions

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.5
Serialization

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.6
Privilege, Sandboxing, Environments

Link to video Link to text chapter Link to hands-on exercise
3.7
DNS Attacks

Link to video Link to text chapter Link to hands-on exercise
3.8
Introduction to Injection Attacks

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.8.1
SQL Injections

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.8.2
Command Injections

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.8.3
Code Injections

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.8.4
XML Injections

Link to video Link to text chapter Link to hands-on exercise
Closed caption English, Español
3.9.1
Web Attacks: Cross Site Mechanisms

Link to video Link to text chapter Link to hands-on exercise
3.9.2
Web Attacks: Session Hijacking and Open Redirect

Link to video Link to text chapter Link to hands-on exercise
3.10.1
Mobile: Background

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
3.10.2
Mobile: Attacks

Link to video Link to text chapter Link to hands-on exercise
Module 4: Defensive Techniques
Module 5: Thinking Like an Analyst
5.1
Introduction to First Principles Vulnerability Assessment (FPVA)

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
5.2
FPVA Step 1: Architectural Analysis

Link to video Link to text chapter Link to hands-on exercise
5.3
FPVA Step 2: Resource Identification

Link to video Link to text chapter Link to hands-on exercise
5.4
FPVA Step 3: Trust and Privilege Analysis

Link to video Link to text chapter Link to hands-on exercise
5.5
FPVA Step 4: Component Analysis

Link to video Link to text chapter Link to hands-on exercise
5.6
FPVA Step 4: Dissemination of Results

Link to video Link to text chapter Link to hands-on exercise
5.7
The Manager's Point of View: Responding to a Vulnerability

Link to video Link to text chapter Link to hands-on exercise
Module 6: Automated Assessment Tools
6.1
How Tools Work Part 1

Link to video Link to text chapter Link to hands-on exercise
6.2
How Tools Work Part 2

Link to video Link to text chapter Link to hands-on exercise
6.3
Tools for C and C++

Link to video Link to text chapter Link to hands-on exercise
6.4
Tools for Java

Link to video Link to text chapter Link to hands-on exercise
6.5
Using Tools in the SWAMP

Link to video Link to text chapter Link to hands-on exercise
Closed caption English
Module 7: Dynamic Techniques (Fuzz Testing and Other Checkers)

Last modified: Sun Mar 24 13:37:18 CDT 2019 by bart