Learn how to find vulnerabilities in code and fix them. First, we will discuss threat analysis and how to prioritize risks using the STRIDE model and the CVSS scoring system. Then participants will examine deliberately insecure apps written in PHP, Node.js, or other common languages.
Prior knowledge: participants should have some experience coding apps in any language.
The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class.
Each quiz is due 30 minutes before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts.
Don't use CCSF's Canvas system for this class. Instead, all students should use this Canvas server: