About the course
This course covers the fundamental concepts of Cyber Security and Cyber Defense. The course will cover Software and System Security, in which, you will learn about control hijacking attacks, which includes buffer overflow, integer overflow, bypassing browser, and memory protection. Then you will get some knowledge of what is Sandboxing and Isolation, what are the tools and techniques for writing robust application software. Then you will learn about what are the security vulnerability detection tools, and techniques which include program analysis (static, concolic, and dynamic analysis). After that, you will know about privilege, access control, Operating System Security, Exploitation techniques, and Fuzzing.
Then the course will cover Network Security & Web Security, in which you will learn about Security Issues in TCP/IP, which includes TCP, DNS, Routing (Topics such as basic problems of security in TCP/IP, IPsec, BGP Security, DNS Cache poisoning, etc), Network Defense tools such as Firewalls, Intrusion Detection, Filtering. Then, you will learn about DNSSec, NSec3, Distributed Firewalls, Intrusion Detection tools, Threat Models, Denial of Service Attacks, DOS-proof network architecture, Security architecture of the World Wide Web, Security Architecture of Web Servers, and Web Clients. Then, you will learn about Web Application Security which includes Cross-Site Scripting Attacks, Cross-Site Request Forgery, SQL Injection Attacks. After that, the course will cover Content Security Policies (CSP) in web, Session Management and User Authentication, Session Integrity, HTTPS, SSL/TLS, Threat Modeling, Attack Surfaces, and other comprehensive approaches to network design for security.
Next, you come to Security in Mobile Platforms, where you will learn about the Android vs. ioS security model, threat models, information tracking, rootkits, Threats in mobile applications, analyzer for mobile apps to discover security vulnerabilities, Viruses, Spywares, and keyloggers and malware detection. Then, it will cover Introduction to Hardware Security, Supply Chain Security, in which you will learn about Threats of Hardware Trojans and Supply Chain Security, Side Channel Analysis based Threats, and attacks. At last, the course will cover, Issues in Critical Infrastructure and SCADA Security in which, you will learn about Security issues in SCADA, IP Convergence Cyber-Physical System Security threats, Threat models in SCADA and various protection approaches, Machine learning, and SCADA Security.
After completing this course, you will be able to:
- Discover software bugs that pose cybersecurity threats, explain and recreate exploits of such bugs in realizing a cyber attack on such software, and explain how to fix the bugs to mitigate such threats
- Discover cyber-attack scenarios to web browsers, and web servers, explain various possible exploits, recreate cyber attacks on browsers, and servers with existing bugs, and explain how to mitigate such threats.
- Discover and explain cybersecurity holes in standard networking protocols, both in network architecture, standard protocols (such as TCP/IP, ARP, DNS, Ethernet, BGP, etc), explain mitigation methods and revisions of standards based on cyber threats.
- Discover and explain mobile software bugs posing cybersecurity threats, explain and recreate exploits, and explain mitigation techniques.
- Articulate the urgent need for cybersecurity in critical computer systems, networks, and the worldwide web, and explain various threat scenarios
- Articulate the well-known cyberattack incidents, explain the attack scenarios, and explain mitigation techniques
- Explain the difference between Systems Cyber Security, Network Cyber Security, and cryptography, crypto-protocols, etc.
- Articulate the cyber threats to critical infrastructures
- Boost your hireability through innovative and independent learning.
The course can be taken by:
Students: All students who are pursuing professional graduate/post-graduate courses related to computer science or Information Technology.
Teachers/Faculties: All computer science and engineering teachers/faculties.
Professionals: All IT professionals in the application development domain.
Why learn Computer Systems Security?
- 24X7 Access: You can view lectures at your own convenience.
- Online lectures: ~16 hours of online lecture with high-quality video.
- Updated Quality content: Content is the latest and gets updated regularly to meet the current industry demands.
Test & Evaluation
1. During the program, the participants will have to take all the assignments given to them for better learning.
2. At the end of the program, a final assessment will be conducted.
1. All successful participants will be provided with a certificate of completion.
2. Students who do not complete the course / leave it midway will not be awarded any certificate.
- Some programming background would be useful
- Some knowledge of Operating Systems would be useful but not mandatory.
- Familiarity with internet and surfing the web using a browser
- Introduction to Computers
- Some elementary knowledge of English
Topics to be covered
- Computer System Security Introduction
- Interview with Prof.Sandeep Shukla CSE IIT kanpur
- What is computer security and what to learn?
- Learning objectives
- Sample Attacks
- The Marketplace for vulnerabilities
- Error 404 Hacking digital India part 1 chase
- Computer System Security Module 01
- Control Hijacking
- More Control Hijacking attacks integer overflow
- More Control Hijacking attacks format string vulnerabilities
- Defense against Control Hijacking - Platform Defenses
- Defense against Control Hijacking - Run-time Defenses
- Advanced Control Hijacking attacks
- Computer System Security Module 02
- Confidentiality Policies
- Confinement Principle
- Detour Unix user IDs process IDs and privileges
- More on confinement techniques
- System call interposition
- Error 404 digital Hacking in India part 2 chase
- Computer System Security Module 03
- VM based isolation
- Confinement principle
- Software fault isolation
- Intrusion Detection Systems
- Computer System Security Module 04
- Secure architecture principles isolation and leas
- Access Control Concepts
- Are you sure you have never been hacked Sandeep Shukla
- Unix and windows access control summary
- Other issues in access control
- Introduction to browser isolation
- Computer System Security Module 05
- Web security landscape
- Web security definitions goals and threat models
- HTTP content rendering
- Browser isolation
- Security interface
- Cookies frames and frame busting
- Computer System Security Module 06
- Major web server threats
- Cross site request forgery
- Cross site scripting
- Defenses and protections against XSS
- Finding vulnerabilities
- Secure development
- Computer System Security Module 07
- Basic cryptography
- Public key cryptography
- RSA public key crypto
- Digital signature Hash functions
- Public key distribution
- Real world protocols
- Basic terminologies
- Email security certificates
- Transport Layer security TLS
- IP security
- DNS security
- Computer System Security Module 08
- Internet infrastructure
- Basic security problems
- Routing security
- DNS revisited
- Summary of weaknesses of internet security
- Link layer connectivity and TCP IP connectivity
- Packet filtering firewall
- Intrusion detection
- Concluding remarks
- Computer System Security - Final-Quiz