Detailed Course Syllabus:
- Security Goals: Authentication, Authorization, Confidentiality, Message/Data Integrity, Accountability, Availability, Non-Repudiation
- Secure Software Design Lifecycle: Threat Modeling, Designing-In Security, Security Requirements, Validation and Fraud Checks, Security QA
- Secure Systems Design Trade-Offs: Avoiding Security By Obscurity, Open vs. Closed Source, Economics of Security
- Security Design Principles: Least Privilege, Defense-In-Depth, Diversity-In-Defense, Securing the Weakest Link, Fail-Safe Stance, Secure By Default, Simplicity, Usability, Security Features vs. Security
- Worms and Malware: Morris Worm, Code Red, Nimda, Blaster, SQL Slammer, Creation of CERT
- Buffer Overflows / Memory Corruption: Stack Overflows, Safe String Libraries
- Client-State Manipulation: Session Management, Authoritative State, Cookies, Javascript
- SQL Injection: Basic Attacks, Input Validation, Blacklisting, Whitelisting, Escaping, Prepared Statements, Bind Variables
- Password Security: Offline vs. Online Dictionary Attacks, Hashing, Salting, Password Strength, Honeypot Passwords, Password Filtering, Aging Passwords, Pronounceable Passwords, Limiting Login Attempts, Artificial Delays, Last Login, Image Authentication, One-Time Passwords (OTP)
- Symmetric Cryptography: Block Ciphers (AES, 3DES), Block Cipher Modes (ECB, CBC), One-Time Pads, Stream Ciphers (RC4)
- Public-Key Cryptography: RSA, Elliptic-Curve Cryptography (ECC), Certificates and Certificate Authorities (CAs)
- Key Management and Exchange: Identity, Conversation/Session, and Integrity Keys, Random Number Generation, Key Storage, Key Agreement, Diffie-Hellman
- Signatures: Digital Signature Schemes, Registration Authorities, Web of Trust, PGP, Hash Functions (MD5/SHA), Secure Sockets Layer (SSL)
Foundations of Security: What Every Programmer Needs To Know by Neil Daswani, Christoph Kern, and Anita Kesavan (included with course purchase)