Below is the calendar for this course. This is the preliminary schedule, which will be altered as the quarter progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

| Date | Topic | Assignments Due | Readings for Discussion (do readings before class) |
|---|---|---|---|
| 09/26/25 | Introduction (Slides) | | Course syllabus link |
| 09/29/25 | Software Vulnerabilities (Slides) | | Vulnerability Definitions link |
| 10/01/25 | Software Vulnerabilities (Part 2) (Slides) | | Common Vulnerability Enumeration link; Known Exploited Vulnerabilities Catalog link |
| 10/03/25 | History of Attacks (Slides) | | The Internet Worm Program: An Analysis, Eugene Spafford, Purdue Technical Report, CSD-TR-823, 1988 (Sections 1-3). link |
| 10/06/25 | Memory Errors (Spatial) (Slides) | | Paul van Oorschot. Tools and Jewels. Section 6.3. link |
| 10/08/25 | Memory Errors (Type) (Slides) | | The Programming Languages Enthusiast. What is Type Safety? link |
| 10/10/25 | Memory Errors (Temporal) (Slides) | | Paul van Oorschot. Tools and Jewels. Section 6.3. link |
| 10/13/25 | Buffer Overflow Attacks (Slides) | | Aleph One. Smashing the Stack for Fun and Profit. Volume 7, Issue 49. link |
| 10/15/25 | Buffer Overflow Attacks (Part 2) (Slides) | Quiz 1 - 10/15 link | |
| 10/17/25 | Basic Software Defenses (Slides) | | Paul van Oorschot. Tools and Jewels. Section 6.3. link |
| 10/20/25 | Basic Software Defenses (Part 2) (Slides) | | Paul van Oorschot. Tools and Jewels. Section 6.3. link |
| 10/22/25 | Heap Attacks (Slides) | | Paul van Oorschot. Tools and Jewels. Section 6.4. link |
| 10/24/25 | Return-oriented Attacks (Part 1) (Slides) | | Red Team Notes. Return-to-Libc / ret2libc. link |
| 10/27/25 | Return-oriented Attacks (Part 2) (Slides) | | Bypassing Non-executable-stack during exploitation using return-to-libc. link |
| 10/29/25 | Exploit Discussion | Quiz 2 - 10/29 link; Project 2 link | |
| 10/31/25 | Advanced Software Defenses (Slides) | | Fighting exploits with Control-Flow Integrity (CFI) in Clang link |
| 11/03/25 | Midterm Review (Slides) | | |
| 11/05/25 | Midterm | | |
| 11/07/25 | Fuzz Testing (Slides) | | Beginners Guide to Fuzzing: Tutorial link; American Fuzzy Lop link |
| 11/10/25 | Midterm Discussion + More Fuzzing (Slides) | | |
| 11/12/25 | Malware and Detection (Slides) | | Paul van Oorschot. Tools and Jewels. Sections 7.1-7.5 link |
| 11/14/25 | Access Control (Slides) | | Paul van Oorschot. Tools and Jewels. Sections 5.2-5.3. link; Trent Jaeger. Operating Systems Security. Sections 2.1-2.2. link |
| 11/17/25 | Access Control (Part 2) (Slides) | | Trent Jaeger. Operating Systems Security. Chapter 4. link |
| 11/19/25 | Filesystem Vulnerabilities (Slides) | Quiz 3 - 11/19 link | CWE-367 - Time-of-check to time-of-use (TOCTOU) Race Condition link; Time-of-check to time-of-use - Wikipedia link |
| 11/21/25 | Web and Browser Security (Slides) | | Paul van Oorschot. Tools and Jewels. Sections 9.1, 9.3-9.4 link |
| 11/24/25 | Web and Browser Security (Part 2) (Slides) | | Paul van Oorschot. Tools and Jewels. Sections 9.5-9.6 link |
| 11/26/25 | Network Security (Slides) | | Paul van Oorschot. Tools and Jewels. Sections 10.1-10.2 link |
| 11/28/25 | Thanksgiving | | |
| 12/01/25 | Network Security (Part 2) (Slides) | | Paul van Oorschot. Tools and Jewels. Sections 10.1-10.2 link |
| 12/03/25 | Security in the Future (Slides) | Quiz 4 - 12/3 link | Paul van Oorschot. Tools and Jewels. Epilogue. link; Future Of Cybersecurity - With Bruce Schneier link |
| 12/05/25 | Final Review (Slides) | | |
| 12/08/25 | Final Exam - M, December 8 at 7pm-10pm (MSE 103) | | |