Given the wealth of information online about security, we will not have a textbook for this class. Our readings will come from a combination of papers, blogs, tutorials, and other online sources.
That said, there are some excellent reference books out there. I particularly like Ross Anderson's Security Engineering (first edition available online). For web security, check out Dafydd Studdard and Marcus Pinto's Web Application Hacker's Handbook. OWASP's WebGoat project offers self-guided lessons on web application security. In general, OWASP has a host of useful summaries on attacking, finding, and preventing web application vulnerabilities.
Highlighted readings should be done before class. Other readings provide additional information that might help with assignments or for those interested in the topic.
Aug 23: Course Overview
Readings:
Aug 24: SQL Injection
Readings:
Aug 27: Cross-Site Scripting
Readings:
Handouts:
Aug 30: Clickjacking
Readings:
Aug 31: "Think Like a Thief" Day
Readings:
Handouts:
Sept 3: Labor Day Holiday (No Class)
Sept 4: Threat Modelling
Readings:
Handouts:
Sept 6-10: Cryptography
Readings:
Sept 11-13: Session Management
Readings:
Sept 13-14: Authentication and Identity
Readings:
Sept 14: Passwords
Readings: [Starred readings cover class material, others for interest/edification]
Contributions from the Class:
Sept 17: Attacking C Code
Readings:
Sept 20: Access Control
Readings:
Handouts:
Sept 21: Capabilities
Readings:
Handouts:
Sept 24-25: Usability
Readings:
Sept 27: Social Engineering
Readings:
October 1: Network Security (Guest Lecture, Phil Deneault, WPI Chief Information Security Officer)
October 2: Security in the Cloud
Readings:
October 4: Mobile Phone Application Security
Readings:
October 5: Security Models
Readings: