This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.
OVERVIEW Overview and expectations of the course
LOW-LEVEL SECURITY Low-level security: Attacks and exploits
DEFENDING AGAINST LOW-LEVEL EXPLOITS Defending against low-level exploits
WEB SECURITY Web security: Attacks and defenses
SECURE SOFTWARE DEVELOPMENT Designing and Building Secure Software
A very well put together course with a calm and methodical presentation style. Relatively easy if you know the C programming language. Overview of buffer overflows and other memory attacks, web security, secure design, static analysis, symbolic execution, fuzzing and penetration testing
MOOCs stand for Massive Open Online Courses. These arefree online courses from universities around the world (eg. StanfordHarvardMIT) offered to anyone with an internet connection.
How do I register?
To register for a course, click on "Go to Class" button on the course page. This will take you to the providers website where you can register for the course.
How do these MOOCs or free online courses work?
MOOCs are designed for an online audience, teaching primarily through short (5-20 min.) pre recorded video lectures, that you watch on weekly schedule when convenient for you. They also have student discussion forums, homework/assignments, and online quizzes or exams.
Very interesting material for introducing on security applied to software. The course is structured around three major blocks, each roughly two weeks from the syllabus. Each block includes a related lab project and interviews with professionals are provided on some units.
The course requires prior knowledge of C, memory management and UNIX. Some concepts about assembler, compiler and similar are advisable. The learning curve may be somewhat steep in the first weeks; thus I'd stress brushing up the aforementioned requirements.
Henrik Warnecompleted this course, spending 6 hours a week on it and found the course difficulty to be medium.
The first part covers buffer overflows and related memory attacks. Buffer overflows are really well explained, but the quiz and programming project can be difficult if you don't know C.
Next there was a section on web security, like SQL injection, XSS and CSRF. Again, very well explained. The programming project consisted of trying to break into a web site - great fun!
The final block covered static analysis, symbolic execution, fuzzing and penetration testing.
All in all a very enjoyable course, not least because profressor Hicks is very pedagogical - one of the best lecturers I have encountered in MOOCs. The quizzes are relatively easy, but the first and second programming projects took a bit of effort to complete. However, the workload was quite a bit less than for other programming courses I have taken on Coursera.
I've written a more detailed review here: http://henrikwarne.com/2015/10/20/coursera-course-review-software-security/
Bobby Bradydropped this course, spending 5 hours a week on it and found the course difficulty to be hard.
Challenging course, goes beyond most security MOOC's by incorporating projects that have the student analyze and exploit test code. Some of the most detailed explanations of overflows i have seen in online learning.
Need a strong background in C and Assembly to be successful in at least the first half.
Dropped about halfway thru only because it was the same material I took in my Stanford security program.
Marianocompleted this course, spending 4 hours a week on it and found the course difficulty to be medium.
The videos are engaging and include interviews with people working in the field. The topics are well separated and the practical tasks are quite fun, and eye-opening: First you hack a C program into running code it shouldn't, secondly you have to break into a website, and in the third you try fuzzy testing, all in prepared virtual machines.
The first two week material is too hard to absorb. Some more coding examples with detail explaination may be added in lectures. The other option could be adding couple of week contents on crash review of C/C++ language like strings, pointers, structures and relevant material.
Thomas Dcompleted this course, spending 3 hours a week on it and found the course difficulty to be hard.
I highly recommend this course. The covered subjects are really interesting, and the instructor is a great teacher. He goes quite in-depth also and explains the history and state of the art of each subject, which make it much easier to understand.
The first two assessments were also extremely interesting. The 3rd one was more straightforward but still interesting.
Jdmrsdropped this course, spending 8 hours a week on it and found the course difficulty to be very hard.
Like someone else wrote, the first two week material is too hard to absorb. Some more coding examples with detail explanation may be added in lectures. The other option could be adding couple of week contents on crash review of C/C++ language like strings, pointers, structures and relevant material.