Course Syllabus
Security Goals, Secure Design Principles, Authentication, Linux Password scheme, Password Security, Privilege Escalation Attacks, Assembly Primer, Shellcoding, ELF File Format, Memory Exploits – Buffer Overflow, Off by one overflow, Format String Attacks, Integer Overflow, Return to Libc, Heap Overflow, Case Study of Local and Remote Attacks, Exploit Development with Metasploit, Web Security – HTML/DOM Refresher, JavaScript, Browser Security Model, Authentication and Session Management, Cookies, Same Origin Policy, Security Policy for Windows and Frames, Web Vulnerabilities – Cookie protocol problems, SQL Injection, XSS, CSRF, SSL/TLS Vulnerabilities, Session Hijacking, Guninski Attack, Defenses, Understanding Threats – Classification, Rootkits, Virus, Worm, Clickjacking, Phishing, Pharming, Exploit kits, Botnets, Defenses – ASLR, DEP, Stack Canaries, Secure Coding Techniques for C Programs, Trusted Execution Environment – Case Study on TrustZone, Security Vulnerability Tools, Static and Dynamic Analysis overview