COMP 116: Introduction to Computer Security (ONLINE)

Tufts University Department of Computer Science, Summer 2017, Session B

Instructor

Prerequisites

Textbook

Software Requirements (on your personal computer)

Assessment

Syllabus

Week 1: Networking and Attacking Networks

By the end of this week, you will be able to dissect packet captures (PCAPs), perform network reconnaissance and port scanning, extract credentials sent insecurely via plaintext over the network, detect stealthy scans and other suspicious activities on your network, understand the methods of conducting a distributed denial of service attack (DDoS).

Week 2: Cryptography

By the end of this week, you will be able to crack passwords on a Linux or Windows system, understand the difference between symmetric and asymmetric cryptography, understand and use one-way hash functions, understand how Transport Layer Security (TLS) works, intercept HTTPS traffic with a proxy, understand how and how not to store users' passwords.

Week 3: Web Security

By the end of this week, you will be able to perform and defend against the following attacks: Cross-Site Scripting (XSS), SQL injection, Cross-Site Request Forgery (CSRF), session hijacking, cookie tampering, directory traversal, command injection, remote and local file inclusion.

Week 4: The Capture The Flag Game

By the end of this week, you will be able to take advantage of a number of vulnerabilities on a live web server.

Week 5: Analysis: Risk, Static, and Dynamic

By the end of this week, you will be able to create technical risk analysis, be exposed to and understand the difference between CVE and CWE, use static analysis software to identify vulnerabilities, understand the difference between static and dynamic analysis.

Week 6: Malware

By the end of this week, you will be able to describe types of malware, see certain malware behaviors, scan and analyze malware, reverse engineer Android apps to determine if they are malicious.

Topics That Will Not Be Covered

Expectations and Structure of This Online Course

This will be an adventure for all of us but it will be a fun one for sure. A few notes on the expectations and structure of this course:

1. What this course will NOT have and what I will NOT do:

There are many good reasons why I will not do any of the above items:

Adding constraints and extra burden to your lives especially during the summer will not fit well with anyone. Extra constraints and burden also defeat the purpose of an online course. Thus, you will probably not see me at all this summer.

2. You are on your own pace.

You can choose to:

  1. Pace yourself during the week
  2. Do everything during the weekend
  3. Do everything during the last minute
  4. Don't do any of the work

Your choice, but the latter three choices are not wise.

3. You are responsible for your own learning.

A very important point: if you want everything gone over in lecture or in notes, then this is not the course for you. More importantly, that's not how things work in real life.

4. You will learn by doing.

Each week, there will be at most three labs (and a quiz every other week) to hone your skills and to aim at the crux of the matter for the week. Here's an analogy: you don't learn how to cook simply by just reading cookbooks and watching YouTube videos. You learn by making, using your hands, and making mistakes.

5. You will learn by asking questions.

It is your responsibility to ask questions early and to ask for help...

6. ...and I expect this Piazza board to be very active and civil.

Share thoughts and respond to other people's questions. The TAs and myself will be online constantly, thus the idea of set office hours almost becomes moot point. It is no secret that I respond very quickly unless I need to be away.

7. As for the workload...

Hard to say because the skill-set of the students varies: from those who have just completed Introduction to Computer Science and/or Data Structures to those who already have a Computer Science degree. In terms of number of hours you should expect to spend per week, my rough estimate and expectation is anywhere from 3 to 10 hours of work a week.

There is a very good post published by Northeastern University: "How To Be a Successful Online Learner." Link: http://www.northeastern.edu/graduate/blog/2016/06/29/successful-online-learning-strategies/.

Course Policies

Labs

A lab is due one week from the day it is assigned.