Project-related deadlines are shown in red. Note that that there will be no extensions for projects!

Module 1 (Weeks 1-5) — Memory-based attacks

Week 1: Stack Smashing

Week 2: Defense: Stack Canaries, ASLR, and W^X

Week 3: Return-Oriented Programming and CFI

Week 4: Secure Coding, Malware, and Static Analysis

Module 2: Systems Security

Week 5: Access Control and Sandboxing

Module 3: Crypto

Week 6: Basics and Symmetric Crypto

Week 7: Public-key (Asymmetric) crypto

Module 4: Network and Web Security

Week 8: TLS, HTTPS, and DNS Security

Week 9: SQL and Script Injection

Week 10: Cross-Site Scripting and Cross-Site Request Forgery

Module 5: Information Flow and Side Channels

Week 11: Information Flow and Jeeves

Week 12: Side-Channel Attacks

Module 6: Program Analysis for Security

Week 13: Dynamic and Static Analysis

Module 7: Usable Security and Wrap Up

Week 14: Usable Security, User Studies, and Experimental Design