Protect Your Assets
Information Security for Technical Staff
This course teaches you practical techniques for protecting the security of your organization's information assets and resources, beginning with concepts and proceeding on to technical implementations.
Learn to Recognize Secure Code
The DidFail tool uses static analysis to detect potential leaks of sensitive information within a set of Android apps.
The Rosecheckers tool performs static analysis on C/C++ source files. It is designed to enforce the rules in the CERT C Coding standard.
Secure Coding Validation Suite
The Secure Coding Validation Suite is a set of tests that validate the rules defined in ISO Technical Specification 17961.
AIR Security Integer Model
Our researchers are working on a number of solutions for addressing the issue of integral security, including the "as-if infinitely ranged" AIR prototype.
Secure Coding in C and C++
This course provides practical advice on secure practices in C and C++ programming, provides a detailed explanation of common programming errors in C and C++, and describes how these errors can lead to code that is vulnerable to exploitation.
Secure Coding in Java
This four-day course provides a detailed explanation of common programming errors in Java and describes how these errors can lead to code that is vulnerable to exploitation.
This course, offered through Carnegie Mellon's Open Learning Initiative, addresses the secure and insecure use of integers, arrays, strings, dynamic memory, formatted input/output functions, and file I/O.
Secure Coding Standards
These rules and recommendations can help you evaluate your code for software security, safety, reliability, and related properties.
Combat Insider Threats
Public Insider Threat Workshops
These public offerings teach you patterns of insider behaviors, organizational issues, and technical actions over time for each type of crime.
Insider Threat Best Practices
These practices can help you mitigate IP theft, IT sabotage, and fraud in your organization.
Insider Threat Data Sets
This generated collection of synthetic insider threat test datasets provide both synthetic background data and data from synthetic malicious actors.
Learn More About Forensics
Advanced Forensic Response and Analysis
This course is designed for computer forensic professionals who are looking to build on a solid knowledge base in incident response and forensic analysis.
Applied Cybersecurity, Incident Response and Forensics
This five-day, hands-on course is designed to increase the knowledge and skills of technical staff charged with administering and securing information systems and networks. Security topics such as vulnerability assessment, systems administration, network monitoring, incident response, and digital forensics will offer a comprehensive defense-in-depth experience.