Your feedback has been sent to our team.
1 Rating
Hours/Week
No grades found
— Students
A fairly enjoyable elective covering malware, application security, web security, and forensics with a dash of network security at the very end. Intro to Cyber is required and necessary to have; CSO1 is also required and comes in very handy (especially the assembly and reverse engineering sections). CSO2 is helpful to have to get a better understanding of Linux (process management, memory regions and protections, etc.)
Lectures were clear, but moved quite slowly. I feel like we could have covered more material had Prof. Hassan moved quicker through lecture topics. Many homeworks had special lecture slides prepared that discussed relevant concepts in more detail and provided helpful hints. However, at least for the web security homework, there was a significant gap in what the self-study slides presented and what the full scope of necessary information was. These are slight complaints, though; Prof. Hassan was great overall and both him and the TAs were very helpful.
Our homeworks were:
* Setting up a Linux VM, plus an intro to reverse engineering
* Injecting virus code into a Linux executable. One of the most difficult homeworks. I spent easily ~20-25 hours scouring the x86 manuals and looking at byte encodings to get it to work.
* Crafting a buffer overflow exploit and a format string vulnerability exploit. Continues the theme of hardcore reverse-engineering from the previous homework.
* A return-oriented programming (ROP) and obfuscation homework, which is somewhat easier than the previous ones.
* Web security exercises (CSRF, XSS, SQL injection). Very useful and fun to crack, but requiring a lot of time spent googling and in OH since lectures leave a lot of gaps to be filled in.
* Forensic analysis. Probably the second-hardest homework after the virus homework, with the file carving/file recovery portion especially difficult.
The most difficult homeworks will depend on your interests. If you don't like assembly, for instance, the reverse engineering homeworks in the first half of the semester will be less enjoyable. If you like web, you'll have a leg up for the web security homework when you need to deal with HTML and JavaScript. If you have experience with Linux system administration, the forensics homeworks are likely to be at least a little bit easier for you. Personally, I found the virus, web security, and forensics homeworks the hardest, but probably enjoyed the virus and web security homeworks the most.
We also had multiple choice quizzes about once every two to three weeks. Since the lecture slides are so clear, studying those are a great way to do well on the quizzes. The lowest quiz is dropped, which helps if you're having a rough week and either miss a quiz or do badly on one.
The lowlight of this class was probably the exams. There is one midterm and one final each worth 25% of your final grade. Class averages on these were comparable to averages on CSO exams but worth way more, so you can't really bank on a high homework and quiz average to offset the exam grades. Nonetheless, you are allowed one cheat sheet for both, which helps somewhat.
Overall, this was a pretty doable class (workload is maybe about halfway between Orebaugh's Intro to Cyber and CSO2) even when taking it with harder classes. I'd recommend it to anyone who wants to get more low-level cybersecurity experience after taking intro. If you enjoyed CSO, you'll enjoy this class. As with most CS classes, though, OH is a must.
Get us started by writing a question!
It looks like you've already submitted a answer for this question! If you'd like, you may edit your original response.
No course sections viewed yet.