Introduction and Overview
- Overview of Computer Security (Lecture Notes: pdf)
Software Security
- Unix Security Basics (Lecture Notes: pdf)
- Users and Groups.
- File Permissions: access control, umask, chmod, chown, chgrp, Set-UID.
- Set-UID Programs and Vulnerabilities (Chapter 1)
- Vulnerabilities and Attacks
- Environment variables and attacks (Chapter 2)
- Shellshock attack (Chapter 3)
- Buffer Overflow attack (Chapter 4)
- Return-to-libc attack and return-oriented programming (Chapter 5)
- Format String attack (Chapter 6)
- Race Condition attack (Chapter 7)
- Dirty COW attack (Chapter 8)
- Reverse Shell (Chapter 9)
Web Security: Vulnerabilities and Access Control
- Basics of Web Security
- HTML, HTML5, HTTP, HTTPS, JavaScript, Apache, PHP.
- Session ID, Cookies, DOM objects
- Same Origin Policy (SOP)
- Vulnerabilities and Attacks
- Cross-Site Request Forgery (CSRF) Attacks (Chapter 10)
- Cross-Site Scripting (XSS) Attacks (Chapter 11)
- SQL Injection Attacks (Chapter 12)
- ClickJacking Attacks
- Web Tracking and Privacy
- Required Reading:
- How Advertisers Use Internet Cookies to Track You (The Wall Street Journal, July 30, 2010).
- The Web's New Gold Mine: Your Secrets (The Wall Street Journal, July 30, 2010).
- Firesheep Highlights Web Privacy Problem (The Wall Street Journal, August 25, 2010).
- Facebook in Privacy Breach: Top-Ranked Applications Transmit Personal IDs, a Journal Investigation Finds (The Wall Street Journal, October 18, 2010).
- A Web Pioneer Profiles Users by Name (The Wall Street Journal, October 25, 2010).
Hardware Security
- Meltdown attack against CPU (Chapter 13)
- Spectre attack against CPU (Chapter 14)
- Intel x86 Protection Mode (Lecture Notes: pdf)
Mobile System (Android) Security
- Introduction to the Android Operating System's Security Architecture
- Application sandbox
- Android Permissions
- Attacks on mobile systems
- Rooting attack
- Repackaging attack
- Attacks on HTML5-based apps