Welcome    Why?    Training    Games    ChangeBlog    College Classes    Submit Content

Some of the material under Training are being adapted to a class appropriate for teaching at colleges and universities.

In the mean time, we welcome any college level curriculum submissions which are available under an open license and not hosted elsewhere (the class will get its own page like the training pages, with whatever content the instructor wants posted there), or links and course summaries for externally hosted classes.

Penetration Testing and Vulnerability Analysis - Multiple instructors - “This is the course website for Penetration Testing and Vulnerability Analysis currently taught at the Polytechnic Institute of New York University. This course introduces the fundamental technical skills required to identify, analyze, and exploit software vulnerabilities. Taught by a team of security industry experts, we cover the following topics:

1. •Introduction to Penetration Testing, taught by Dan Guido
   Where the industry is now, where it's going, and how these skills fit in
   

2. •Operational Reviews and Code Audits, taught by Brandon Edwards
   Identify vulnerabilities and programmer errors by auditing source code
   

3. •Reverse Engineering, taught by Alex Sotirov and Aaron Portnoy
   Understand, modify, and analyze compiled applications and systems to identify vulnerabilities
   

4. •Exploitation, taught by Dino Dai Zovi
   Take advantage of vulnerabilities to gain access to restricted data and break security policies
   

5. •Web Hacking, taught by Joe Hemler and Marcin Wielgoszewski
   Vulnerability discovery and exploitation on the web
   

6. •Network Pentests: Post exploitation, persistence and exfiltration, taught by Colin Ames
   Expanding access, maintaining persistence, and evading detection”
   

Special Topics: Data Security and Privacy: Legal, Policy and Enterprise Issues - U. Mich, Dr. Don Blumenthal - “As data collection and information networks expand (and stories of security breaches and the misuse of personal information abound), data security and privacy issues are increasingly central parts of the information policy landscape. Legislators, regulators, businesses, and other institutions of all kinds are under increasing pressure to draft and implement effective laws, regulations, and security and privacy programs under rapidly changing technological, business, and legal conditions. A strong need is arising for individuals with the training and skills to work in this unsettled and evolving environment. This course examines security issues related to the safeguarding of sensitive personal and corporate information against inadvertent disclosure; policy and societal questions concerning the value of security and privacy regulations, the real-world effects of data breaches on individuals and businesses, and the balancing of interests among individuals, government, and enterprises; current and proposed laws and regulations that govern data security and privacy; private-sector regulatory efforts and self-help measures; emerging technologies that may affect security and privacy concerns; and issues related to the development of enterprise data security programs, policies, and procedures that take into account the requirements of all relevant constituencies, e.g., technical, business, and legal.”

http://www.binary-auditing.com - Dr. Thorsten Schneider - “The training package includes all necessary files to run a complete lecture for Binary Auditing and Reverse Code Engineering at university. All files are well sorted by topics and with increasing difficulty. You need Windows XP, Windows Vista or Windows 7 to use this training package. The training package does NOT include runnable viruses! ”

Network and Computer Security - MIT, Dr. Ron RIvest - “6.857 is an upper-level undergraduate, first-year graduate course on network and computer security. It fits within the department's Computer Systems and Architecture Engineering concentration. Topics covered include (but are not limited to) the following:

1. •Techniques for achieving security in multi-user computer systems and distributed computer systems;
   

2. •Cryptography: secret-key, public-key, digital signatures;
   

3. •Authentication and identification schemes;
   

4. •Intrusion detection: viruses;
   

5. •Formal models of computer security;
   

6. •Secure operating systems;
   

7. •Software protection;
   

8. •Security of electronic mail and the World Wide Web;
   

9. •Electronic commerce: payment protocols, electronic cash;
   

10. •Firewalls; and
    

11. •Risk assessment.”
    

Cryptography and Cryptanalysis - MIT - “This course features a rigorous introduction to modern cryptography, with an emphasis on the fundamental cryptographic primitives of public-key encryption, digital signatures, pseudo-random number generation, and basic protocols and their computational complexity requirements.”

Advanced Topics in Cryptography - MIT - “The topics covered in this course include interactive proofs, zero-knowledge proofs, zero-knowledge proofs of knowledge, non-interactive zero-knowledge proofs, secure protocols, two-party secure computation, multiparty secure computation, and chosen-ciphertext security.”

Selected Topics in Cryptography - MIT, Dr. Ran Canetti - “This course covers a number of advanced "selected topics" in the field of cryptography. The first part of the course tackles the foundational question of how to define security of cryptographic protocols in a way that is appropriate for modern computer networks, and how to construct protocols that satisfy these security definitions. For this purpose, the framework of "universally composable security" is studied and used. The second part of the course concentrates on the many challenges involved in building secure electronic voting systems, from both theoretical and practical points of view. In the third part, an introduction to cryptographic constructions based on bilinear pairings is given.”