| Num | Date | Topic | Reading | Presentations | Assignment |
|---|---|---|---|---|---|
| 0 | 2008-08-27 | Introduction | The Psychology of Security | Introduction | |
| 1 | 2008-09-03 | Threats | 1. The Ghost in the Browser: An Analysis of Web-based Malware<br>2. Automated Web Patrol with Strider Honeymonkeys<br>3. Analyzing and Disrupting Attacker‘ Black Markets | 1. Nick Hoffman<br>2. Kim Giglia<br>3. Jeff Wheeler | |
| 2 | 2008-09-10 | SQL Injection | 1. SQL Injection Attacks by Example<br>2. Proposing SQL Statement Coverage Metrics<br>3. Secubat: A Web Vulnerability Scanner | 1. Stuart Jaskowiak<br>2. Ray Stone | a1 |
| 3 | 2008-09-17 | Static Analysis | 1. Finding Security Vulnerabilities in Java Applications with Static Analysis<br>2. Sound and Precise Analysis of Web Applications for Injection Vulnerabilities | 1. Roy Ford<br>2. Pompiliu Rotaru | |
| 4 | 2008-09-24 | Cross-site Scripting | 1. Static Detection of Cross-Site Scripting Vulnerabilities<br>2. Defeating Script Injection Attacks with Browser-Enforced Embedded Policies | 1. Ryan Lehan<br>2. Jason Froehlich | a2 |
| 5 | 2008-10-01 | Improving Security | 1. Is Finding Security Holes A Good Idea?<br>2. Milk or Wine: Does Software Security Improve with Age? | 1. Jeff Wheeler<br>2. Nick Hoffman | |
| 6 | 2008-10-08 | Phishing | 1. Why Phishing Works<br>2. CANTINA: A Content-Based Approach to Detecting Phishing Web Sites<br>3. Closing the Phishing Hole - Fraud, Risk and Nonbanks | | |
| 7 | 2008-10-15 | Usability | 1. Analyzing Websites for User-Visible Security Design Flaws<br>2. An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks<br>3. The Emperor's New Security Indicators | | |
| 8 | 2008-10-22 | | | | |
| 9 | 2008-10-29 | | | | |
| 10 | 2008-11-05 | | | | |
| 11 | 2008-11-12 | | | | |
| 12 | 2008-11-19 | | | | |
| 13 | 2008-12-03 | Paper presentations | | | |
| 14 | 2008-12-10 | Paper presentations | | | |
 

©2008 James Walden, Ph.D.