Send More Info
Apply Now
Classroom Login
Call Now
Call Now 855-300-1469

CYB 5280 Host and Application Security


Course Description

This course explores security-related aspects of host-based computer security. Course covers the elements of systems that make them secure or vulnerable, defense architectures, forensics, reverse engineering, metrics, virtualization and other topics. This course conveys key concept through hands-on examples.

Course Objectives

Upon completion of this course, students should be able to

  • Understand how host and application security relates more generally to computer security
  • Apply security concepts to the challenge of providing host and application security
  • Understand the host environment and the way applications interact with the underlying host architecture
  • Apply basic security concepts to the operating system in order to evaluate the functions provided by the OS from a security perspective
  • Have a complete understanding of malware, its implications, and remediation strategies
  • Analyze the threat of malicious code in different contexts, and apply this evaluation to the selection of remediation strategies
  • Understand how the web works from a client perspective, and apply this knowledge to web-based security threats for the client
  • Describe common vulnerability types, and apply knowledge of the underlying architecture to analyze the dependencies that exist between vulnerability, OS, and architecture
  • Understand some of the implications of the cloud and host virtualization
  • Apply concepts learned to shape and evaluate security policies in a corporate environment

Week 1


Lecture: Introduction & Interview
Lecture: What is Security?

Outcomes

  • Understand the goals of this class
  • Basic introduction of terms and scope
  • Recognize security in the context of the host/application
  • Explain the differences between Confidentiality, Availability and Integrity
  • Infer the impact of malice when analyzing a system
  • Learn to think about systems from the perspective of an attacker

Week 2


Lecture: The Host, Boot Sequence
Lecture: The Host, Part 2

Outcomes

  • Describe the way modern computers boot
  • Reason about the ways in which the boot sequence can be leveraged by an attacker
  • Understand the role of trusted components in the boot sequence

Week 3


Lecture: Operating System Security, Part 1
Lecture: Operating System Security, Part 2

Outcomes

  • Describe common approaches for protecting memory and other resources
  • Describe the common access control approaches in detail
  • Explain why modern operating systems are designed the way they are

Week 4


Lecture: Vulnerabilities: How Things Go Wrong, Part 1
Lecture: Vulnerabilities: How Things Go Wrong, Part 2 

Outcomes

  • List the different types of vulnerability that applications have
  • Understand how a buffer overrun can be exploited
  • Understand how return oriented programming works
  • Exploit different vulnerabilities

Week 5


Lecture: Malware History
Lecture: Comptuer Viruses

Outcomes

  • Place current events in malware in their historical perspective
  • Describe the evolution of malware from the very beginning of the problem
  • Understand how boot viruses work
  • Understand how parasitic file viruses work
  • Understand how stealth works for malware
  • Understand how polymorphism and metamorphism work

Week 6


Lecture: Virus Defense
Lecture: Case Study: Web Security, Part 1

Outcomes

  • Write a detector for the output of the polymorphic “Hello World” generators you have been given
  • Understand, from a client perspective, how the web works, with particular emphasis on state
  • Exploit simple XSS vulnerabilities
  • Analyze an application and determine how it poses risk to the client
  • Enumerate and explain the different primary sources of vulnerability

Week 7


Lecture: Case Study: Web Security, Part 2
Lecture: Virtualization

Outcomes

  • Understand, from a client perspective, how the web works, with particular emphasis on state
  • Exploit simple XSS vulnerabilities
  • Analyze an application and determine how it poses risk to the client
  • Enumerate and explain the different primary sources of vulnerability
  • Understand how OS virtualization works
  • Describe issues that impact the development of economic models for security and explain how corporate culture can affect economic decision-making

Week 8


Lecture: Management of the Host

Outcomes

  • Apply lessons learned to the problem of security for hosts within the enterprise
  • Reason about different levels of risk

The course description, objectives and learning outcomes are subject to change without notice based on enhancements made to the course.