Software Security

University of Maryland, College Park via Coursera

Go to class Write review

Details

Go to class

Provider

Coursera
Pricing

Free Online Course (Audit)
Languages

English
Certificate

Paid Certificate Available
Duration & workload

6 weeks long, 18 hours worth of material
Sessions
Subtitles

Arabic, French, Portuguese, Italian, German, Russian, English, Spanish, Korean

Found in

Part of

Cybersecurity

4.5

Overview

Class Central Tips

This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.

Syllabus

OVERVIEW

Overview and expectations of the course

LOW-LEVEL SECURITY

Low-level security: Attacks and exploits

DEFENDING AGAINST LOW-LEVEL EXPLOITS

Defending against low-level exploits

WEB SECURITY

Web security: Attacks and defenses

SECURE SOFTWARE DEVELOPMENT

Designing and Building Secure Software

PROGRAM ANALYSIS

Static Program Analysis

PEN TESTING

Penetration and Fuzz Testing

Taught by

Michael Hicks

Reviews

4.2 rating, based on 24 Class Central reviews

4.6 rating at Coursera based on 1585 ratings

Start your review of Software Security

Henrik Warne @henrik

Henrik Warne completed this course, spending 6 hours a week on it and found the course difficulty to be medium.

The first part covers buffer overflows and related memory attacks. Buffer overflows are really well explained, but the quiz and programming project can be difficult if you don't know C. Next there was a section on web security, like SQL injection, XSS...

The first part covers buffer overflows and related memory attacks. Buffer overflows are really well explained, but the quiz and programming project can be difficult if you don't know C.
Next there was a section on web security, like SQL injection, XSS and CSRF. Again, very well explained. The programming project consisted of trying to break into a web site - great fun!
The final block covered static analysis, symbolic execution, fuzzing and penetration testing.
All in all a very enjoyable course, not least because profressor Hicks is very pedagogical - one of the best lecturers I have encountered in MOOCs. The quizzes are relatively easy, but the first and second programming projects took a bit of effort to complete. However, the workload was quite a bit less than for other programming courses I have taken on Coursera.
I've written a more detailed review here: http://henrikwarne.com/2015/10/20/coursera-course-review-software-security/
Bobby Brady @bob

Bobby Brady is taking this course right now, spending 5 hours a week on it and found the course difficulty to be hard.

Challenging course, goes beyond most security MOOC's by incorporating projects that have the student analyze and exploit test code. Some of the most detailed explanations of overflows i have seen in online learning.

Need a strong background in C and Assembly to be successful in at least the first half.

Dropped about halfway thru only because it was the same material I took in my Stanford security program.
Carolina Fernández

Carolina Fernández completed this course and found the course difficulty to be medium.

Very interesting material for introducing on security applied to software. The course is structured around three major blocks, each roughly two weeks from the syllabus. Each block includes a related lab project and interviews with professionals are provided on some units.
The course requires prior knowledge of C, memory management and UNIX. Some concepts about assembler, compiler and similar are advisable. The learning curve may be somewhat steep in the first weeks; thus I'd stress brushing up the aforementioned requirements.
Anonymous

Anonymous is taking this course right now.

The first two week material is too hard to absorb. Some more coding examples with detail explaination may be added in lectures. The other option could be adding couple of week contents on crash review of C/C++ language like strings, pointers, structures and relevant material.
Mariano

Mariano completed this course, spending 4 hours a week on it and found the course difficulty to be medium.

The videos are engaging and include interviews with people working in the field. The topics are well separated and the practical tasks are quite fun, and eye-opening: First you hack a C program into running code it shouldn't, secondly you have to break into a website, and in the third you try fuzzy testing, all in prepared virtual machines.
I highly recommend it.
Marco Villasana Lopez

Marco Villasana Lopez is taking this course right now.

This course is very important for my profession about engineer system. The application is very important against malicious programs. Thanks you by shared.
Anonymous

Anonymous is taking this course right now, spending 24 hours a week on it and found the course difficulty to be very hard.

This was wayyyyy too hard. The course wasn't explained well at all and assumed you're an expert. I recommend advertising it better!
Thomas D

Thomas D completed this course, spending 3 hours a week on it and found the course difficulty to be hard.

I highly recommend this course. The covered subjects are really interesting, and the instructor is a great teacher. He goes quite in-depth also and explains the history and state of the art of each subject, which make it much easier to understand.

The first two assessments were also extremely interesting. The 3rd one was more straightforward but still interesting.
JDmrs

JDmrs is taking this course right now, spending 8 hours a week on it and found the course difficulty to be very hard.

Like someone else wrote, the first two week material is too hard to absorb. Some more coding examples with detail explanation may be added in lectures. The other option could be adding couple of week contents on crash review of C/C++ language like strings, pointers, structures and relevant material.
I agree with this entire content.
Anonymous

Anonymous is taking this course right now.

All I learned was how to use big words with little to no context. What a joke! I dropped the course in the 2nd week!
Lim

Lim completed this course.
Anonymous

Anonymous completed this course.
Ricardo Buitrago

Ricardo Buitrago completed this course.
Cristian

Cristian is taking this course right now.
Maria Del Pilar

Maria Del Pilar is taking this course right now.
Niklas Laxström

Niklas Laxström completed this course.
Oleksandr Kravchuk

Oleksandr Kravchuk completed this course.
Peter Mosoni

Peter Mosoni completed this course.
Amaan Cheval

Amaan Cheval is taking this course right now.
Klaas Naaijkens

Klaas Naaijkens is taking this course right now.