马里兰大学好像推出了一系列关于cyber security的课程
https://www.coursera.org/specialization/cybersecurity/7/overview
后面的都好理解,usable security是什么呢?我去那个课程那里看了一下简介,发现比这个技术上的安全实际上更让我感兴趣了。按照他所说的,
This course focuses on how to design and build secure systems with a human-centric focus.
我觉得这和社工可能有很大关系吧。
这里举了一些黑帽子常用的漏洞,缓冲区溢出,格式化串(这个我感觉好像已经变困难了),迷途指针的解引用
附上迷途指针的定义
Dangling pointers and wild pointers in computer programming are pointers that do not point to a valid object of the appropriate type. These are special cases of memory safety violations. More generally, dangling references and wild references are references that do not resolve to a valid destination, and include such phenomena as link rot on the internet.
这些专业术语都是些我只闻其名,不知其所以然的东西。这里留个图以后提醒自己。
接下来是顺着软件开发周期作安全考量:
纵深防御
Defense in Depth (also known as Castle Approach) is an information assurance (IA) concept in which multiple layers of security controls (defense) are placed throughout an information technology (IT) system. Its intent is to provide redundancy in the event a security control fails or a vulnerability is exploited that can cover aspects of personnel, procedural, technical and physical for the duration of the system's life cycle.
第二个没有找到···应该和MAC有关吧。第一个我记得跟北大的安全操作系统课程说的一样,就是安全的部分尽可能的要做的简单和独立。
http://web.mit.edu/rog/www/papers/simplicity.pdf
随手翻到了MIT的一个什么文章,以后有时间再看看···
不过这门课连渗透测试(符号执行在内)也作为单独的章节,不禁让我感叹国内国外的教育水平还是有一些差距啊····
193
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
