Cybersecurity Specialization - Cybersecurity Fundamentals. Construction of Secure Systems - Coursera
-
Fundamentals of Human-Computer Interaction
- Integrate an understanding of human abilities with technological demands
- Develop task lists
- Identify usability issues, problems, and successes
- Usability 101
- Human-Computer Interaction
-
Design
- Exercise design methodology to develop an interface
- Choose appropriate design techniques for your task
- See how design lessons apply to building secure systems
- Crying Wolf: An Empirical Study of SSL Warning Effectiveness
- Human-Centered Design
- How to brainstorm-video tutorials
-
Evaluation
- Perform qualitative usability analysis
- Run quantitative analyses
- Execute a usability study
- Read and analyze evaluations conducted by others
- You've been warned: an empirical study of the effectiveness of web browser phishing warnings
- Introduction to Usability Testing
-
Strategies for Secure Interaction Design
- Apply guidelines for creating usable security
- Analyze the delegation of authority in secure systems
- Understand how guidelines are applied (or not) in existing systems and how it affects usability
- Secure Interaction Design
-
Usable Authentication
- Describe many types of authentication mechanisms
- Understand the usability of various authentication mechanisms and how they relate to security
- Your Online Secrets
- The Usability of Passwords
- Smudge Attacks on Smartphone Touch Screens
- XKCD Password Security
-
Usable privacy
- Design usable privacy systems
- Help users express privacy preferences
- Evaluate the usability of privacy systems
- Why we overshare online
- Five Pitfalls for Designers
- Informed Consent by Design
-
LOW-LEVEL SECURITY
- Understand the standard memory layout of running processes on the x86 architecture
- Identify buffer overflows and related memory-based vulnerabilities in C programs, such as those based on format strings
- Construct a simple exploit of a buffer overflow
- Understand how exploits can inject remote code, and perform other security compromises
- Common vulnerabilities guide for C programmers
- Memory Layout of C Programs
-
DEFENDING AGAINST LOW-LEVEL EXPLOITS
- Comprehend the meaning of the properties memory safety and type safety
- Defenses against memory-based attacks, including stack canaries, data execution protection (DEP), and address space layout randomization (ASLR)
- Understand how attacks based on return-oriented programming (ROP) work
- Understand the concept of control-flow integrity (CFI) and how it can defeat ROP-based attacks
- What is memory safety?
- What is type safety?
-
WEB SECURITY
- Understand how SQL injection attacks affect web application back ends
- Session hijacking and Cross-site Request Forgery (CSRF) attacks
- Understand how popular, browser-executed JavaScript programs can be used incorrectly by web sites
- Focus on employing input validation and sanitization
- SQL Injection
- SQL Injection Cheat Sheet
- 2011 CWE/SANS Top 25 Most Dangerous Software Errors
-
SECURE SOFTWARE DEVELOPMENT
- Enumerate a series of design principles for writing secure software
- Explain how such principles can be violated, pointing to actual incidents
- Put these principles into practice by drawing inspiration from well-designed, secure systems
- The Protection of Information in Computer Systems
- Avoiding the Top 10 Software Security Design Flaws
- Building Security In
-
PROGRAM ANALYSIS
- Know what static analysis (SA) and symbolic execution (SE) are, how they compare, and why they are hard
- Understand the basics of each approach
- Understand how to improve the precision and scalability of each approach
- What is noninterference, and how do we enforce it?
- Using Static Analysis to Find Bugs in the Real World
-
PEN TESTING
- Understand what penetration testing is and what it achieves
- Know the basics of several state-of-the-art penetration testing tools
- Understand fuzz testing techniques and how they compare
- Ware report
- Defcon CTF contest
-
Introduction and Classical Cryptography
- Private-key encryption
- Classical encryption schemes
- Notion of perfect secrecy, and a scheme that provably achieves this notion of security
-
Computational Secrecy and Principles of Modern Cryptography
- Computational security, central concept of modern cryptography
- Pseudorandom generator, also known as a stream cipher in practice
- Proof by reduction, a powerful technique for proving schemes secure
-
Private-Key Encryption
- Private-key encryption by looking at stronger security notions and efficient schemes achieving them
- Pseudorandom functions (aka, block ciphers)
- Security against chosen-ciphertext attacks
- Padding-oracle attack
-
Message Authentication Codes
- Message integrity
- Message authentication codes
- Secrecy and integrity in authenticated encryption
- Secure communication sessions
-
Number Theory
- Public-key cryptography in group theory and number theory
- Number-theoretic assumptions
- Hardness of factoring, and the related RSA problem
- Discrete logarithms in certain groups, and Diffie-Hellman problems
-
Key Exchange and Public-Key Encryption
- Public-key cryptography (in general) and public-key encryption (in particular)
- Diffie-Hellman key-exchange protocol
- Public-key encryption schemes based on both the discrete-logarithm (technically, decisional Diffie-Hellman) problem, and the RSA problem
-
Digital Signatures
- Digital signatures, which can be used to provide integrity in the public-key setting
- Signature constructions based on the RSA and discrete-logarithm problems
- Important application of digital signatures to public-key distribution in today's Internet
- SSL/TLS protocol, which you are using right now as you view this page
-
Digital System Design: Basics and Vulnerabilities
- Understand how a digital system is specified, implemented, and optimized
- Learn what sequential systems are and how they are designed
- Identify the don't care conditions introduced during the design process
- Know that there exist security and trust vulnerabilities in hardware
-
Design Intellectual Property (IP) Protection
- Learn self-protection techniques for design IPs: watermarking, fingerprinting, metering
- Assess the trade-off among security, cost and performance
-
Physical Attacks and Modular Exponentiation
- Understand the vulnerability to a system from hardware (physical attacks)
- Learn the available countermeasures to physical attacks
- Perform security evaluation for the hardware implementation of security modules
- Modular exponentiation, various ways to evaluate it and the security vulnerability
- Physical Attacks and Tamper Resistance
-
Side Channel Attacks
- Learn the vulnerabilities of information leak from side channels
- Understand how attacks can be launched from various side channels
- Consider the potential side channel information leak when you design a secure system
- Get a better understanding of how to implement security primitives such as RSA securely
-
Hardware Trojan and Physical Unclonable Functions
- Understand various kinds of hardware Trojans and how they work
- Know the popular hardware Trojan detection approaches
- Study several practical methods for hardware Trojan prevention
- Expose the concept of trusted integrated circuits and how to build trust in ICs
-
Emerging Hardware Security Topics
- Know the basics of TPM
- Understand what a PUF is and how it can help build more secure systems
- Learn the vulnerabilities and countermeasures in FPGA design and FPGA-based systems