CIS 6614 unit -*- Outline -*-

* introduction
  motivation for the course, overview, basic terms
* real-world-bugs
  survey of some real world security bugs
* threat-modeling
  overview and tool demo
* static-analysis
  static analysis
* symbolic-execution
  symbolic execution and concolic testing
* fuzzing
  fuzz testing and variations
* evaluation-of-tools
  experimental evaluation of tools
* memory-attacks
  how memory attacks work and how to defend against them
* runtime-defenses
  using runtime monitors to enforce policies
* injection-attacks
  injection attacks including SQL injection and format string attacks
* web-app-security
  securing web browsing
* taint-analysis
  taint checking and information flow checking
* semantic-logic-bugs
  security bugs in web app integrations with APIs
* alloy
  using the Alloy analyzer to help detect semantic/logic bugs

The side-channels module will not be used in fall 2023.

* side-channels
  side-channels in web apps
* summary-review
  summary and review of the course