Course Schedule Fall 2025
This schedule is subject to change. Please check back frequently.
Part 1. Security Fundamentals
| Monday | Wednesday | Friday |
|---|---|---|
|
Aug. 22 The security mindset Welcome, Threat models, how to think like an attacker and a defender, ethics |
Aug. 25 Crypto Basics Alice and Bob, hashes, HMACs, Length extension attacks |
Aug. 27 Crypto Basics Generating randomness, PRGs Homework 1 available |
Aug. 29 Confidentiality One-time pad, ciphers from hashes/MACs |
Sep. 1 Labor Day; No class |
Sep. 3 Confidentiality AES, Block ciphers, modes and padding oracle attacks |
Sep. 5 Key exchange Diffie-Hellman key exchange, man-in-the-middle attacks |
Sep. 8 Public-key crypto RSA encryption, digital signatures, secret sharing |
Sep. 10 Public-key crypto RSA attacks, drawbacks, and fixes |
Sep. 12 Web Basics Crash course in HTML, CSS, and Javascript Homework 1 due 11:59pm
|
Part 2. Web and Network Security
| Monday | Wednesday | Friday |
|---|---|---|
|
Sep. 15 Web Basics AJAX, Cookies, and threats |
Sep. 17 Web Basics Same origin policy |
Sep. 19 Web Attacks Client attacks and defenses: Cross site scripting (XSS) Crypto Project due 11:59pm
|
Sep. 22 Web Attacks Cross site secripting and request foregery (XSS & CSRF) |
Sep. 24 Web Attacks Server attacks and defenses: SQL / shell injection |
Sep. 26 No class |
Sep. 29 HTTPS and TLS The TLS protocol |
Oct. 1 Public Key Infrastructure Certificates, Authorities (CAs), and Transparency (CT) |
Oct. 3 TLS' Greatest Hits Attacks on TLS: Null Prefix, BEAST, CRIME, POODLE, Heartbleed, Logjam, FREAK, DROWN |
Oct. 6 TLS Greatest Hits, continued Null Prefix, BEAST, CRIME, POODLE, Heartbleed, Logjam, FREAK, DROWN |
Oct. 8 Networking Basics How the Internet works, packets, network monitoring |
Oct. 10 Networking Basics Routing, BGP, and threats Homework 2 due 11:59pm
|
Oct. 13 Network attacks and defenses ARP/IP spoofing, Network tools, DNS poisoning |
Oct. 15 Side-channel attacks Timing attacks, power analysis, defenses Web Project due 11:59pm
|
Oct. 17 Midterm exam In class, covering Crypto & Web projects |
Part 3. Host and Application Security
| Monday | Wednesday | Friday |
|---|---|---|
|
Oct. 20 Control hijacking Software architecture in x86: the stack, and return addresses |
Oct. 22 Control hijacking Simple buffer overflow |
Oct. 24 Control hijacking Common exploitable application bugs, shellcode Homework 3 due 11:59pm
|
Oct. 27 Control hijacking Defenses: canaries, ASLR, DEP |
Oct. 29 Control hijacking, Part AAAAAAAAAAAAAAAAAAAAAA |
Oct. 31 Computer architecture Security Meltdown & Spectre, Rowhammer attacks Networking Project due 11:59pm
|
Part 4. Security in Context
| Monday | Wednesday | Friday |
|---|---|---|
|
Nov. 3 Voting Risks, audits, and public policy |
Nov. 5 Cryptocurrency Bitcoin, blockchains, and friends |
Nov. 7 Cryptocurrency Ethereum |
Nov. 10 Machine Learning Crash course on gradient descent |
Nov. 12 Machine Learning Adversarial examples |
Nov. 14 Machine Learning ML in Python AppSec Project due 11:59pm
|
Nov. 17 'Smart' contracts Programming Ethereum and vulnerabilities |
Nov. 19 Online Privacy Online tracking, threats from “big data”, targeted snooping, differential privacy |
Nov. 21 Anonymity Tor, hidden services, attacks and defenses Homework 4 due 11:59pm
|
Nov. 24 Fall break |
Nov. 26 Fall break |
Nov. 28 Fall break |
Dec. 1 Internet censorship, Professor AMA Censors, circumvention, research Q&A |
Dec. 3 Physical security Locks and safes, lock picking techniques; defenses Homework 5 due 11:59pm
|
Dec. 5 Final exam review ML Project due 11:59pm
|
