CSC-537 Systems Attacks and Defenses

Lectures

Week Date Lec Topics  
1 Mon 1/06 L1 Foundations (1) slides
• Course intro & syllabus
• Tensortrust lab
 
1 Wed 1/08 L2 Foundations (2) slides
• Common vulnerabilities overview
 
2 Mon 1/13   No class  
2 Wed 1/15 L3 Foundations (3) slides
• Basic secure coding principles
 
3 Mon 1/20   No class - University closed  
3 Wed 1/22   No class - University closed  
4 Mon 1/27 L4 LLMs & Code Security slides
• Using LLMs for safer code
• Demo: AI coding assistants
 
4 Wed 1/29 L5 CTF Basics slides
• Fundamentals of CTF design & infra
• Categories, scoring
 
5 Mon 2/03 L6 Web Attacks (1) slides
• SQL injections
• XSS
 
5 Wed 2/05 L7 Project Check-In #1
• Teams finalize challenge ideas
• Instructor/peer feedback
 
6 Mon 2/10 L8 Project Check-In #2
• Teams finalize challenge ideas
• Instructor/peer feedback
 
6 Wed 2/12 L9 In-class project bootstrap
• In-class help for bootstrapping the project
• Brainstorming, design discussions
 
7 Mon 2/17 L10 Web Attacks (2) slides
• Same Origin Policy
 
7 Wed 2/19   No class - University closed  
8 Mon 2/24   No class - Challenge building
Check out some NDSS attack papers
 
8 Wed 2/26   No class - Challenge building
Check out some NDSS defense papers
 
9 Mon 3/03 L11 Web Attacks (3) slides
• Cross-Site Scripting (XSS) Defenses
 
9 Wed 3/05 L12 Web Attacks (4) slides
• Clickjacking
• CSRF
• Session Management
 
10 Mon 3/10   No class - Spring Break  
10 Wed 3/12   No class - Spring Break  
11 Mon 3/17 L13 Software Supply Chain (1) slides
• Software Composition Analysis (SCA)
 
11 Wed 3/19 L13 Software Supply Chain (2) slides  
12 Mon 3/24   Open Lab / Review
• In-class help for final polishing
• Handling last-minute issues
• Q&A on challenge deployment
 
12 Wed 3/26   Open Lab / Review
• Final project Q&A
• Testing environment “mini-rehearsal”
 
13 Mon 3/31   Challenge Testing (1)
• Students attempt each other’s challenges
• Collect feedback, note issues
13 Wed 4/02   Challenge Testing (2)
• Continue challenge playthroughs
• Post-mortems / solution sharing