Application Security
Application Security teaches students the fundamental technical skills required to identify and prevent application vulnerabilities. Students will learn to apply the theory and practice of code auditing, a process which includes learning how to dissect an application, discover security vulnerabilities, and assess the danger each vulnerability presents. We also discuss methods to support secure software development. Taught by a team of security industry experts, we cover the following topics:
- Operational Reviews and Code Audits, taught by Brandon Edwards
Identify vulnerabilities and programmer errors by auditing source code
- Windows Internals, taught by Alex Sotirov
Understand operating system issues and security considerations specific to Windows
- Exploit Mitigation, taught by Dino Dai Zovi
Accurately evaluate the impact of available exploit mitigations
- Web Hacking, taught by Joe Hemler and Marcin Wielgoszewski
Vulnerability discovery and exploitation on the web
- Mobile Security, taught by Chris Rohlf
Identify security-relevant changes in mobile client architectures
- Cryptography, taught by Tom Ptacek
Identify and understand issues with how cryptography is used in modern systems
- Security Program Management, taught by Shyama Rose
How to design effective, strategic security programs for complex organizations
- Security at Scale, taught by Zane Lackey
Approaches to ensure application security in a continuous deployment environment
Vulnerability Analysis
Vulnerability Analysis is a project-based course that introduces the fundamental technical skills required to analyze and exploit software vulnerabilities. This hands-on course ensures that students understand how modern attacks are developed and performed. Taught by a team of security industry experts, students are guided to learn the following topics:
- Reverse Engineering, taught by Alex Sotirov and Aaron Portnoy
Understand, modify, and analyze compiled applications and systems to identify vulnerabilities
- Exploitation, taught by Dino Dai Zovi and Alex Sotirov
Take advantage of vulnerabilities to elevate your level of access
- Operations: Post exploitation, persistence and exfiltration, taught by Colin Ames
Expanding access, maintaining persistence, and evading detection
About
These courses and this website have been organized and maintained for the past five years by Dan Guido. You can read more about the history of the vulnerability analysis course and some of the past work that students have created in it. If you would like to take these courses for credit, they are offered through:
- E-Poly's Cyber-Security certificate,
- E-Poly's MS in Cyber-Security,
- and through the university proper.
For outside users, there is a Reddit study group as well as a Twitter account that helps you keep up with new course material and other announcements regarding the class.
