Introduction to Software Security

Videos by Elisa Heymann and Barton P. Miller
Text by Elisa Heymann, Loren Kohnfelder and Barton P. Miller

Contacts: elisa@cs.wisc.edu and bart@cs.wisc.edu.

© 2019 Elisa Heymann, Barton P. Miller and Loren Kohnfelder. All rights reserved.

Module 1: Introduction

1.1 Welcome and Overview 1.2.1 Introduction Part 1: Basic Terminology 1.2.2 Introduction Part 2: Threats 1.2.3 Introduction Part 3: Risks and Basic Concepts

1.3 Thinking Like an Attacker: Owning the Bits English

Module 2: Thinking Like a Designer

2.1 Secure Design Principles 2.2 Threat Modeling Overview and Goals 2.3 Threat Modeling Methodology

Module 3: Thinking Like an Programmer: Secure Programming

3.1 Pointers and Strings English 3.2 Numeric Errors English, Español 3.3 Directory Traversal English 3.4 Exceptions English, Español 3.5 Serialization English, Español 3.6 Privilege, Sandboxing, Environments 3.7 DNS Attacks 3.8 Introduction to Injection Attacks English 3.8.1 SQL Injections English, Español 3.8.2 Command Injections English 3.8.3 Code Injections English 3.8.4 XML Injections English, Español 3.9.1 Web Attacks: Cross Site Mechanisms 3.9.2 Web Attacks: Session Hijacking and Open Redirect 3.10.1 Mobile: Background English 3.10.2 Mobile: Attacks

Module 4: Defensive Techniques

Module 5: Thinking Like an Analyst

5.1 Introduction to First Principles Vulnerability Assessment (FPVA) English 5.2 FPVA Step 1: Architectural Anaysis 5.3 FPVA Step 2: Resource Identification 5.4 FPVA Step 3: Trust and Privilege Analysis 5.5 FPVA Step 4: Component Analysis 5.6 FPVA Step 4: Dissemination of Results 5.7 The Manager's Point of View: Responding to a Vulnerability

Module 6: Automated Assessment Tools

6.1 How Tools Work Part 1 6.2 How Tools Work Part 2 6.3 Tools for C and C++ 6.4 Tools for Java 6.5 Using Tools in the SWAMP English

Module 7: Dynamic Techniques (Fuzz Testing and Other Checkers)

Last modified: Sun Mar 24 13:37:18 CDT 2019 by bart