Lecture 7: April 14, 2021
Reading: text, §24.5, 27.1–27.2
Due: Homework 2, due April 21, 2021; Lab 1, due April 19, 2021
- The models and levels of abstraction
- Some common vulnerabilities
- Catalogues: CVE (Common Vulnerabilities and Exposures), CWE (Common Weakness Enumeration)
- 2011 MITRE/SANS Top 25 Most Dangerous Software Errors
- OWASP Top 10 – 2017: The Ten Most Critical Web Application Security Risks
- Attacks
- Representing attacks
- Attack trees
- Requires/provides model
- Attack graphs