Overview

Included in degrees & certificates

• 260
• 367

Prerequisites

• CS3690
• CS3070
• CS3140

Learning Outcomes

Upon successful completion of this course, students will be able to conduct independent audits of computer networks and their associated software in order to discover and secure potentially exploitable security flaws. 

More granularly, students will be able to:

• Describe fundamental elements of software construction: assemblers, linkers, debuggers,
• Describe common features of executable files: headers, code, data, import, export and symbol table sections
• Describe common features of compiled code: Function calling conventions, function prologue, epilogue and stack frame. Dynamic symbol resolution
• Identify a variety of vulnerability classes in software, for example: buffer overflows, format strings, heap exploits, SQL injection, cross site scripting,
• Describe Reverse Engineering theory and compare source code auditing with binary auditing,
• Describe and compare techniques for vulnerability discovery to include: static analysis, dynamic analysis
• Demonstrate the use of shell code basics in terms of system calls and the shell code.
• Demonstrate the use of bind shell, reverse shell, and socket reuse shellcode payloads.
• Describe rudimentary vulnerability mitigation, such as binary patching,
• Explain fuzzing as a vulnerability discovery tool,
• Describe and perform network programming basics: C sockets, Raw sockets,
• Understand pcap theory and be able to perform packet sniffing and rudimentary protocol analysis using tools such as tcpdump and wireshark,
• Describe packet crafting and use packet crafting tools,
• Explain ethics and disclosure in the context of security vulnerability discovery.