A collection of readings assigned in the course.

Check your course LMS page (e.g., Canvas) to see whether library links are available for these readings.

Authentication and Passwords

The reading covers Anderson, either 2nd edition or 3rd edition:

If you read the 3rd edition, please also read this excerpt from the 2nd edition:

“Regardless of how well passwords are managed, there can be absolute limits imposed by the design of the platform. For example, Unix systems used to limit the length of the password to eight characters (you could often enter more than this, but the ninth and subsequent characters were ignored). The effort required to try all possible passwords — the total exhaust time, in cryptanalytic jargon — is 96^8 or about 2^52, and the average effort for a search is half of this” (p. 58).

Cryptography - Asymmetric Encryption


Cryptography – Digital Certificates and PKI

Online: Moxie Marlinspike: SSL And The Future Of Authenticity

Cryptography – Hashes & Symmetric

  • Anderson, Ch. 5, pp. 129-149 (2nd ed.); pp. 138–156 (3rd ed.)
  • “Secrets & Lies”, Chapters 6 & 7 (library link available)


Information Privacy

Tim Cook’s EU Privacy Speech

Introduction to Computer Networking

“Secrets & Lies”, Chapters 11 & 12 (library link available)

Malware Analysis

Introduction and Chapter 0 of “Practical Malware Analysis” by Sikorski and Honig. (library link available)

Network Security Monitoring

Bejtlich, “The Practice of Network Security Monitoring”, Chapter 1 (library link available)

Physical Security

Anderson, Chapter 11

Threat Modeling

  • “Threat Modeling,” by Adam Shostack (library link available).
    • Introduction
    • Chapter 1
    • Chapter 4
  • Also read “Secrets & Lies”, Chapters 19 and 21 (especially chapter 21 for attack tree metrics) (library link available)


  • G. Conti and J. Caroland, “Embracing the Kobayashi Maru: Why You Should Teach Your Students to Cheat,” in IEEE Security & Privacy, vol. 9, no. 4, pp. 48-51, July-Aug. 2011, doi: 10.1109/MSP.2011.80. (pdf)

Web Application Security -- XSS

Stuttard and Pinto, “The Web Application Hacker’s Handbook” (library link available), Chapter 12, sections ‘Varieties of XSS’ and ‘XSS Attacks in Action’

Web application security -- SQLi