Presentation is loading. Please wait.

Presentation is loading. Please wait.

Course Information Teacher: Cliff Zou Office: HEC

Similar presentations


Presentation on theme: "Course Information Teacher: Cliff Zou Office: HEC"— Presentation transcript:

1 Malware and Software Vulnerability Analysis Cliff Zou University of Central Florida

2 Course Information Teacher: Cliff Zou Office: HEC243 407-823-5015

3 Prerequisites C programming language Programming experience
Software security lecturing will mainly use C code as examples Programming experience Any programming language is fine Knowledge on computer architecture Know stack, heap, memory For our buffer overflow programming project Knowledge on OS, algorithm, networking Basic usage of Unix machine We will need to use Kali Linux Virtual Machine for some experiments and programming assignments

4 Objectives Learn software vulnerability
Underlying reason for most computer security problems Buffer overflow: stack, heap, integer Buffer overflow defense: stackguard, address randomization … How to build secure software Software assessment, testing E.g., Fuzz testing

5 Objectives Learn computer malware: Learn malware analysis
Malware: malicious software Viruses, worms, botnets virus/worm, spam, phishing, pharming Spyware, adware Trojan, rootkits,…. Learn malware analysis A good resource for reading: Learn their characteristics Learn how to detect, monitoring, defend Learn how to simulation malware propagation

6 Course Materials No required textbook. Reference books:
19 Deadly Sins of Software Security (Security One-off) by Michael Howard, David LeBlanc, John Viega The Basics of Hacking and Penetration Testing (2nd edition) by Patrick Engebretson Hacker Techniques, Tools, and Incident Handling (2nd edition) by Sean-Philip Oriyano Online References: CS161: Computer Security, By Dawn Song from UC, Berkley. Software Security, by Erik Poll from Radboud University Nijmegen. Introduction to Software Security, by Vinod Ganapathy from Rutgers Hands-on Labs for Security Education, Dr. Wenliang Du, Syracuse University Guide to ethical hacker publications, Wikipiedia: Great resource and tutorial for initial learning Other references as we go on:

7 Programming projects Probably will have 3 programming projects
Example: Basic buffer overflow Use Unix machine, learn stack, debugger (gdb) Software fuzz testing Find bugs in a provided binary program Internet worm propagation simulation Understand how to do discrete-time simulation


Download ppt "Course Information Teacher: Cliff Zou Office: HEC"

Similar presentations


Ads by Google