Resources

Lecture Slides

#	Topic
1	Welcome & Introduction
2	Policy and Aspects
3	Beyond the Attacks
4	Goals and Requirements
5	Assurance
6	Architectural Approaches to Security
7	Equifax Fiasco
8.1	Cryptography - Intro and Failures
8.2	Cryptography - One Time Pads
8.3	Cryptography - Block Ciphers
8.4	Cryptography - Stream Ciphers
8.5	Cryptography - Nonce and IV
8.6	Cryptography - Key Exchange and Public Keys
8.7	Cryptography - Authentication
8.8	Cryptography - Hashes and Passwords
8.9	Cryptography - Random Numbers and Entropy
8.10	Cryptography - Forward Secrecy and TLS
8.11	Cryptography - Libraries (Libsodium)
8.12	Cryptography - Developer Mistakes
8.13	Cryptography - Developer Best Practices
9	Project 2
10.1	Authentication - Intro
10.2	Authentication - Passwords
10.3	Authentication - Tokens and Certificates
10.4	Authentication - 2FA
10.5	Authentication - OAuth
10.6	Authentication - Kerberos
10.7	Authentication - Biometrics
11	Audit
12	Software Deadly Sins

Cryptography

• Crypto 101 e-book [Free/PDF, (2017+)]
  • Written by Laurens Van Houtven and distributed at https://www.crypto101.io/. Updated directly at GitHub repo. (See also: Local mirror, may be out of date compared to github copy)
  • Big picture ideas + Commentary on breaking crypto. Light on the math! Incomplete / work in progress.
• Cryptography: An Introduction (3rd Edition) [Free/PDF, 2006]
  • Written by Nigel Smart, a cryptographer & computer science professor specializing in the area of elliptic curve cryptography.
  • Note: The free e-book is no longer being updated as-of 2016. See Cryptography Made Simple (2016, Springer Publishing) for purchase.
  • Heavy on the math!
• Cryptography Engineering [Paid, 2010]
  • Written by Niels Ferguson (Cryptographer, Microsoft), Bruce Schneier (Cryptographer), and Tadayoshi Kohno (Professor, University of Washington)
• A Graduate Course in Applied Cryptography [Free/PDF, 2017]
  • Written by Dan Boneh (Professor, Stanford University) and Victor Shoup (Professor, New York University)
  • Heavy on the math!
  • See also: Local mirror of v0.4, may be out of date compared to latest version at http://toc.cryptobook.us/
• Evaluation of Some Blockcipher Modes of Operation by Phillip Rogaway, February 2011. (See also: Local Mirror)

Software Security

• Michael Howard, David LeBlanc, and John Viega. 2009. 24 Deadly Sins of Software Security: Programming Flaws and how to Fix Them. McGraw-Hill, Inc., New York, NY, USA.
  • Note: See Canvas site, Files folder