Due by class means due at the time class starts. For example, if your section’s class starts at 10:00am, then “Monday by class” means 10am on Monday. This gives our TA an opportunity to spot-check the submissions and fix any submission issues when everyone’s together.
Schedule
| Week | Dates | Lecture & Activities | Vulnerability of the Day | Due or Released | Reading |
|---|---|---|---|---|---|
| 3 | 01/29-02/02 | Security Lifecycle; Testing: penetration testing; Requirements: Misuse & Abuse Cases | Cross-site request forgery (CSRF), OS command injection | Fuzzer iteration 0 due Wednesday by class | CWE-352, CSRF Description, CWE-78 |
| 6 | 02/19-02/23 | Threat modeling activity. Implementation: defensive coding practices, Defensive coding (cont'd) | Hardcoded credentials | SW Weaknesses Assignment (myCourses) | CWE-798, CVSS v3 Spec |
| 7 | 02/26-03/01 | Exam-1: Friday 03/01. Vulnerability assessment: CVSS; CVSS Activity | Time of Check Time of Use (TOCTOU), Log neutralization | SW Weakness assignment due Monday by class (See myCourses). Takehome exam released Friday (PDF on myCourses). | CWE-367, CWE-117, CWE-93, CAPEC-93, Video: Finding Vulnerability Fixes |
| 8 | 03/04-03/08 | Cryptography: authentication, public & symmetric keys, SSH, SSL, PGP, side-channel attacks | Hashing without salt, poor PRNG seed protection | Takehome exam due Monday by class. Input handling project released. | CWE-759, Salting Guide |
| 9 | 03/11-03/15 | Spring Break - No Classes | | | |
| 10 | 03/18-03/22 | Usability and Security. OAuth activity; Deployment & Distribution: patching | Insecure PRNG algorithms, Java reflection abuse | Input handling project (Part 0, 1, 2) due Wednesday by class. | CWE-338, OAuth Spec |
| 11 | 03/25-03/29 | Activity: Case study recon - see Case Study | | Input Handling project, remaining parts (Part 3, 4, 5); Case study released | CWE-470 |
| 12 | 04/01-04/05 | Exam review. Exam-2: Friday 04/05. | | Case study proposal due Wednesday by class | |
| 13 | 04/08-04/12 | Networking: OSI model, MitM attacks. Insider Threat Team activity. | | Case study chapter 1 due Friday by class | |
| 14 | 04/15-04/19 | Dependency & Supply Chain; Supply-chain attacks | Cache poisoning | Case study chapter 2 due Friday by class; Networking assignment (Port Scans/Wireshark) (See myCourses) | CAPEC-141, Video: DNS Cache Poisoning |
| 15 | 04/22-04/26 | Cybersecurity policy & law; Case Study Presentations | Uncontrolled format string, compression bombs. If time: dynamic library side-loading | Networking assignment due Monday by class (See myCourses); Case study final version due Friday by class | CWE-134, CWE-409, Compression Bombs |
| 16 | 04/29-05/01 | Final Exam Review | | | |

Final Exam
- Date: 05/01, Wednesday, 4:15pm-6:45pm
- Loc: GOL-1520