Detailed Course Description:
The goal of this course is to expand my understanding along the breadth of security topics. At Purdue, I have been exposed to a multitude of Computer Science fields, each has it’s own classes of vulnerabilities. Exploring these would better prepare me for the professional industry to fix these bugs. To explore a topic this vast, I aim to take two approaches which I describe below:
- Investigate Current Cyber Security Vulnerabilities Modern systems patch security holes each day, and these patches give an insight into the underlying problems. This approach would consist of identifying interesting and current cyber security vulnerabilities in relevant news sources including: Google’s Project Zero which discusses zero day exploits that their team finds, the Sans Institute’s weekly news letter which describes recent security news and cites further articles, and more. These articles would be a starting point allowing me to investigate the causes of the bugs, and how a fix was implemented. Other readings include current security research across the range of security topics. To supplement these readings, I will create a report for each of the bugs that I looked into detailing the vulnerability, my opinion of it’s severity, and the patch.
- Participate in Capture The Flag Competitions Capture the flag competitions allow participants to learn and practice system security, reverse engineering, cryptography, web security, and more. These competitions are set up in a way to safely and legally test security skills on segmented systems. The problems are technically complex and incorporate recent vulnerabilities. When you successfully complete a challenge, you get a ‘flag’, which is a specially formatted string to submit and receive points for. I would participate in these competitions, create writeups for all challenges I solved, explore the writeups of other competitors for challenges I was unable to solve, and create an overall report.