Schedule
| # | Topic | Details |
|---|---|---|
| | program, process, shell, shell script, command-line environment, internet, TCP/IP, DNS, netcat | |
| 1 | security (CIA), attacker mindset & tools, web recap, code injection on the web (eval, deserialization, XSS) | |
| 2 | systems recap (hardware, OS, DB), code injection on systems (command and SQL injection, buffer overflows) | |
| | packet sniffing (Wireshark), port scanning (nmap), base64, SQL injection, XSS, deserialization | |
| 3 | microarchitectural attacks, traffic analysis, air-gap attacks, social engineering (weapons of influence) | |
| 4 | vulnerability scanning, intrusion detection, logging, malware removal, isolation, firewalls | |
| | isolation (NAT Network in VirtualBox), vulnerability scanning (GVM), exploitation (Metasploit) | |
| 5 | security principles, security mechanisms (e.g. testing: SAST), security requirements, security evaluation | |
| 6 | factors (know, have, are), passwords, tokens, single sign-on (SSO), multi-factor authentication (MFA) | |
| | security requirements, online dictionary attack (patator), logging (slf4j), MFA, SAST, man-in-the-middle | |
| 7 | history (OTP), key generation, block cipher (AES, CBC), stream cipher (Salsa20), key exchange (DH) | |
| 8 | hashing (SHA), authentication (HMAC, OCB, RSA), cryptosystems (TLS, PGP, OTR), password storage | |
| | gpg, openssl, testssl, tokens (HMAC), offline dictionary attack (john), passwords (PBKDF2, passay) | |
| 9 | models (DAC, MAC, RBAC, ABAC), access control lists (ACL), capabilities, confused deputy, trojan horse | |
| 10 | decentralized access control, DAC (JWT, OAuth, proof of possession, OIDC), MAC (API gateway, OPA) | |
| | centralized: ACL (setfacl, getfacl); decentralized: DAC (OAuth, OIDC, MFA), MAC (ABAC, OPA) | |
| 11 | language-based security, information-flow control (static analysis, runtime monitor), bases of trust | |
| 12 | developers (mistakes they make), end-users (enabling tasks, nudges), employees (insider defenses) | |
| | bases of trust, information-flow control: static analysis, runtime monitor, dynamic policies (paragon) | |
*: work in progress.
Numbered rows are lectures. Un-numbered rows are assignments and labs.
Course Description
Here.