Welcome to Application Security!
This course addresses the design and implementation of secure applications. The focus is on writing software that makes it difficult for intruders to exploit security holes.
Please be aware that there might be slight differences between the on-campus and cyberfellows versions of this course; check with your instructor. However, they will likely be using the same assignments/organization.
To get started with the assignments, we recommend you use the installation script provided here. It has a set-up for Windows, Mac and Linux. For the first homework assignment, we highly suggest you stick with Ubuntu Linux. If you find an issue with the installation script, please raise a pull request so the course staff can update the script.
Homework 1 was originally written by Professors Brendan Dolan-Gavitt and Justin Cappos. This assignment is about using manual and automated techniques to both find and repair bugs in C.
Homework 2 was originally created by Kevin Gallagher. This assignment covers both exploiting and fixing web application vulnerabilities. It then covers secure key management and database encryption.
Homework 3 was originally created by Kevin Gallagher. This assignment is about secure practices in Kubernetes, such as utilizing Sealed Secrets to store sensitive data and utilizing Prometheus to capture security metrics.
Homework 4 was originally created by Kevin Gallagher. This assignment is about fixing a buggy mobile app that has security misconfigurations, and about identifying and removing code that can compromise a user's privacy.