Module 1: Security Fundamentals

This module is designed to introduce you to academic concepts in security. By the end of this module, you should be able to understand that security is fundamentally risk management. You will also have developed a vocabulary to talk about different kinds of security threats.

Overview of Security:

Introduction to Computer Security:

Interesting Bonus Materials:

Questions for discussion:

  • In "The security mirage", Bruce Schneier talks about the implicit biases that distort our view of security. What are your biases?
  • Which methods of managing risk apply most to your role at Redox? See lecture 3 for a list.
  • Of confidentiality, integrity, and availability, which is the most important at Redox? See lecture 4 for one possible answer.

Module 2: Web Application Security

We make a web app. There are very specific and immediate vulnerabilities each developer needs to understand well and defend against.

Move slowly through these and finish the Hacksplaining exercises on your own terms. This is a marathon, not a sprint!

Exercises

  • Complete the free exercises at Hacksplaining
  • Identify parts of the Redox application that mitigate each of the OWASP top 10

Module 3: Cryptography

Redox is a highly networked application. All of that information needs to be secured in transport and at rest. Cryptography is what lets us do that.

Public key cryptography

Exercises

Module 4: Cloud Infrastructure Security

Final Project

The final project will be a presentation to the team on a recent security topic of interest to you.

Here are some resources for cutting-edge topics: