Due by class means due at the time class starts. For example, if your section’s class starts at 11:00am, then “Monday by class” means 10am on Monday. This gives our TA an opportunity to spot-check the submissions and fix any submission issues when everyone’s together.
Schedule
-
- Week
- Dates
- Lecture & Activities
- Vulnerability of the Day
- Due or Released
- Reading
-
- 3
- 01/29-02/02
- Security Lifecycle; Testing: penetration testing; Requirements: Misuse & Abuse Cases
- Cross-site request forgery (CSRF), OS command injection
- Fuzzer iteration 0 due Wednesday by class
- CWE-352 CSRF Description CWE-78
-
- 6
- 02/19-02/23
- Threat modeling activity. Implementation: defensive coding practices
- SW Weaknesses Assignment (myCourses)
- CWE-798 CVSS v3 Spec
-
- 8
- 03/04-03/08
- Vulnerability assessment: CVSS
- Time of Check Time of Use (TOCTOU), Log neutralization
- Takehome exam due Monday by class. SW Weakness assignment due Friday EOD (See myCourses). Input handling project released.
-
- 9
- 03/11-03/15
- Spring Break - No Classes
-
- 10
- 03/18-03/22
- CVSS Activity; Cryptography: authentication, public & symmetric keys, SSH, SSL, PGP, side-channel attacks
- Hashing without salt; poor PRNG seed protection
- Input handling project (Part 0, 1, 2) due Wednesday by class.
- CWE-759 CWE-338 Salting Guide
-
- 11
- 03/25-03/29
- Usability and Security. OAuth activity.
- Insecure PRNG algorithms; Java reflection abuse
- Input Handling project, remaining parts (Part 3, 4, 5) due Wednesday by class.
- OAuth Spec CWE-470
-
- 12
- 04/01-04/05
- Deployment & Distribution: patching; Insider Threat. Exam-2: Friday 04/05.
- Case study released.
-
- 13
- 04/08-04/12
- Networking: OSI model, MitM attacks. Activity: Case study recon - see Case Study
- Cache poisoning
- Case study proposal due Friday by class
- CAPEC-141 Video: DNS Cache Poisoning
-
- 14
- 04/15-04/19
- Dependency & Supply Chain; Supply-chain attacks
- Uncontrolled format string
- Case study chapter 1 due Wednesday by EOD; Networking assignment (Port Scans/Wireshark) - see myCourses for due date
-
- 15
- 04/22-04/26
- Cybersecurity policy & law; Case Study Presentations
- Compression bombs. If time: dynamic library side-loading
- Case study chapter 2 due Wednesday by EOD.
- CWE-134 CWE-409 Compression Bombs
-
- 16
- 04/29-05/01
- Final Exam Review
- Case study final version due Wednesday by class.
-
- Final Exam
- Date: 05/01, Wednesday, 4:15pm-6:45pm
- Loc: GOL-1640