COMP 116: Introduction to Computer Security (ONLINE)

Tufts University Department of Computer Science, Summer Session B




Hardware and Software for This Class (on your personal computer)

Absolute Requirements

Strongly Recommended Requirements



Week 1: Networking and Attacking Networks

By the end of this week, you will be able to dissect packet captures (PCAPs), perform network reconnaissance and port scanning, understand the methods of conducting a distributed denial of service attack (DDoS).

Slides: week1-networks.pdf
Required Readings
Tools Used:

Week 2: Cryptography

By the end of this week, you will be able to extract credentials sent insecurely via plaintext over the network, detect stealthy scans and other suspicious activities on your network, crack passwords on a Linux or Windows system, understand the difference between symmetric and asymmetric cryptography, understand and use one-way hash functions, understand how Transport Layer Security (TLS) works, intercept HTTPS traffic with a proxy, understand how and how not to store users' passwords.

Slides: week2-crytography.pdf
Required Readings
Tools Used:

Week 3: Web Security

By the end of this week, you will be able to perform and defend against the following attacks: Cross-Site Scripting (XSS), SQL injection, Cross-Site Request Forgery (CSRF), session hijacking, cookie tampering, directory traversal, command injection, remote and local file inclusion.

Slides: week3-websecurity.pdf
Required Readings
Tools Used:

Week 4: The Capture The Flag Game

By the end of this week, you will be able to take advantage of a number of vulnerabilities on a live web server.

Week 5: Vulnerabilities, Static and Dynamic Analysis

By the end of this week, you will be exposed to and understand the difference between CVE and CWE, be able to scan for vulnerabilities, use static analysis software to identify vulnerabilities, understand the difference between static and dynamic analysis, and be able to write a technical risk analysis.

Slides: week5-vulnerabilities.pdf
Required Readings
Tools Used:

Week 6: Malware

By the end of this week, you will be able to describe types of malware, see certain malware behaviors, scan and analyze malware, reverse engineer Android apps to determine if they are malicious.

Slides: week6-malware.pdf
Required Readings
Tools Used:

Topics That Will Not Be Covered In This Course

Workload: All The Lab with Expected Length and Difficulty

Course Policies


All labs for a given week are due on the following week on a Wednesday at 11:59 PM (so yes, a week-and-a-half to do all labs for a week). The new week will be made available on Monday morning at 10 AM. Late labs are not accepted.

Expectations and Structure of This Online Course

This course will be a fun one for sure. A few notes on the expectations and structure of this course:

1. What this course will NOT have and what I will NOT do:

There are many good reasons why I will not do any of the above items:

Adding constraints and extra burden to your lives especially during the summer will not fit well with anyone. Extra constraints and burden also defeat the purpose of an online course. Thus, you will probably not see me at all this summer.

2. You are on your own pace.

You can choose to:

  1. Pace yourself during the week
  2. Do everything during the weekend
  3. Do everything during the last minute
  4. Don't do any of the work

Your choice, but the latter three choices are not wise.

3. You are responsible for your own learning.

A very important point: if you want everything gone over in lecture or in notes, then this is not the course for you. More importantly, that's not how things work in real life.

4. You will learn by doing.

Each week, there will be at most three labs (and a quiz every other week) to hone your skills and to aim at the crux of the matter for the week. Here's an analogy: you don't learn how to cook simply by just reading cookbooks and watching YouTube videos. You learn by making, using your hands, and making mistakes.

5. You will learn by asking questions.

It is your responsibility to ask questions early and to ask for help...

6. ...and I expect the Piazza board to be very active and civil.

Share thoughts and respond to other people's questions. I will be online constantly, thus the idea of set office hours almost becomes moot point. It is no secret that I respond very quickly unless I need to be away.

There is a very good post published by Northeastern University: "How To Be a Successful Online Learner." Link: