Presentation is loading. Please wait.

Presentation is loading. Please wait.

Course Information Teacher: Cliff Zou Office: HEC

Published byAdam Wheeler Modified over 6 years ago

Similar presentations

Presentation on theme: "Course Information Teacher: Cliff Zou Office: HEC"— Presentation transcript:

1 Malware and Software Vulnerability Analysis Cliff Zou University of Central Florida

2 Course Information Teacher: Cliff Zou Office: HEC243 407-823-5015

3 Prerequisites C programming language Programming experience
Software security lecturing will mainly use C code as examples Programming experience Any programming language is fine Knowledge on computer architecture Know stack, heap, memory For our buffer overflow programming project Knowledge on OS, algorithm, networking Basic usage of Unix machine We will need to use Kali Linux Virtual Machine for some experiments and programming assignments

4 Objectives Learn software vulnerability
Underlying reason for most computer security problems Buffer overflow: stack, heap, integer Buffer overflow defense: stackguard, address randomization … How to build secure software Software assessment, testing E.g., Fuzz testing

5 Objectives Learn computer malware: Learn malware analysis
Malware: malicious software Viruses, worms, botnets virus/worm, spam, phishing, pharming Spyware, adware Trojan, rootkits,…. Learn malware analysis A good resource for reading: Learn their characteristics Learn how to detect, monitoring, defend Learn how to simulation malware propagation

6 Course Materials No required textbook. Reference books:
19 Deadly Sins of Software Security (Security One-off) by Michael Howard, David LeBlanc, John Viega The Basics of Hacking and Penetration Testing (2nd edition) by Patrick Engebretson Hacker Techniques, Tools, and Incident Handling (2nd edition) by Sean-Philip Oriyano Online References: CS161: Computer Security, By Dawn Song from UC, Berkley. Software Security, by Erik Poll from Radboud University Nijmegen. Introduction to Software Security, by Vinod Ganapathy from Rutgers Hands-on Labs for Security Education, Dr. Wenliang Du, Syracuse University Guide to ethical hacker publications, Wikipiedia: Great resource and tutorial for initial learning Other references as we go on:

7 Programming projects Probably will have 3 programming projects
Example: Basic buffer overflow Use Unix machine, learn stack, debugger (gdb) Software fuzz testing Find bugs in a provided binary program Internet worm propagation simulation Understand how to do discrete-time simulation

Download ppt "Course Information Teacher: Cliff Zou Office: HEC"

Similar presentations

Welcome to EECS 354 Network Penetration and Security.

Welcome to EECS 354 Network Penetration and Security.
電腦攻擊與防禦 The Attack and Defense of Computers CEA036許富皓.

電腦攻擊與防禦 The Attack and Defense of Computers CEA036許富皓.
Computer Security Fundamentals by Chuck Easttom Chapter 5 Malware.

Computer Security Fundamentals by Chuck Easttom Chapter 5 Malware.
電腦攻擊與防禦 The Attack and Defense of Computers CE6107許富皓.

電腦攻擊與防禦 The Attack and Defense of Computers CE6107許富皓.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow II: Defense Techniques Cliff Zou Spring 2012.

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow II: Defense Techniques Cliff Zou Spring 2012.
CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.

CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow II: Defense Techniques Cliff Zou Spring 2013.

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow II: Defense Techniques Cliff Zou Spring 2013.
Introduction to Honeypot, Botnet, and Security Measurement

Introduction to Honeypot, Botnet, and Security Measurement
A First Course in Information Security

A First Course in Information Security
EECS 354 Network Security Introduction. Why Learn To Hack Understanding how to break into computer systems allows you to better defend them Learn how.

EECS 354 Network Security Introduction. Why Learn To Hack Understanding how to break into computer systems allows you to better defend them Learn how.
Malware  Viruses  E-mail Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.

Malware  Viruses  Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.
CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2015.

CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2015.
1 CDA6938 Special Topic: Research in Computer and Network Security (spring’07) Class Overview.

1 CDA6938 Special Topic: Research in Computer and Network Security (spring’07) Class Overview.
Viruses & Destructive Programs

Viruses & Destructive Programs
Computer & Network Security

Computer & Network Security
CPRG 215 Introduction to Object-Oriented Programming with Java Module 1-Introduction to Java Topic 1.1 Basics of Java Produced by Harvey Peters, 2008 Copyright.

CPRG 215 Introduction to Object-Oriented Programming with Java Module 1-Introduction to Java Topic 1.1 Basics of Java Produced by Harvey Peters, 2008 Copyright.
CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2010.

CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2010.
Brandon Resheske. What is Malware? Code designed to interfere with normal computer operation The correct general term, instead of ‘virus.’ Basically,

Brandon Resheske. What is Malware? Code designed to interfere with normal computer operation The correct general term, instead of ‘virus.’ Basically,
CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2013.

CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2013.
CIS 3360: Security in Computing Cliff Zou Spring 2012.

CIS 3360: Security in Computing Cliff Zou Spring 2012.

Similar presentations

Ads by Google