Lecture Schedule

  • Lecture slides and links to the videos will be added below.
  • Under Covid-19 alert levels 1 and 2, lectures are in person and webcast live in Panopto.
  • Under Covid-19 alert levels 3 and 4, lectures are on Zoom only.

Week 1: Introduction

Week 2: Security principles

Week 3: Threat modelling

Week 4: Threat modelling

Week 5: Ranking Threats and Security Testing

  • Threat modelling V: Ranking Threats (pdf, video)
    • Limitations of DREAD by Adam Shostack (2018) (html)
    • Microsoft Bug Bar (html)
  • Security code reviews and intro to testing (pdf, video)
  • Helpdesk: see Helpdesk Schedule

Week 6: Set-UID programs

Week 7: Buffer overflow

Week 8: Format string

Week 9: SQL injection

Week 10: Cross-site scripting (XSS)

Week 11: Cross-site request forgery (CSRF)

  • CSRF - attacks
  • CSRF - countermeasures

Week 12: Revision week