Learner Reviews & Feedback for Software Security by University of Maryland, College Park

Great

great

非常好！！

nice

good

good

Best

Good

t

Fantastic introduction to software security. My favourite part was the buffer overflow exploit project. I got a euphoria upon successfully hacking the program. Moreover, in the process of doing the project, I learned a lot about memory and low level programming. As a recent CS graduate, I learned a lot from this course; specifically, how unsafe C/C++ programs are (Week 1), the role of programming language theory in security (Week 5), the importance of input validation and sanitization, and overall security development mindfulness. In order to get the most out of this course, the learner should at least be familiar with assembly and computer architecture, C programming, web development. There is a minor mistake in a week 5 lecture that has gone unaddressed for a while, but the rest of the contents are amazing.

This course on software security was very informative . This is the best place to start off for a beginner as it not only covers the technical aspects of security ,but also talks about modelling threats and identifying adversaries and their capabilities.I however was slightly disappointed with the testing methods of this course.I feel that most of the testing should have been on the basis of projects and a project should have been included every week .But, all in all taking the course was a very pleasant experience and I thoroughly enjoyed all the projects that were given.

Looking forward to taking the next course in the specialization!!

This is a tough course. Tough because I had no experience in C or C++. My background is dot-net and visual basic. It's been study C++ 5 hours a day and take the course 2 hours a day. I made it. The professor is spot on when he says a C++ background is needed. But I made it.

If you have the required background you'll find it's a good basis for understanding the multiple vulnerabilities in this code, what they are and how they work. (You better understand stacks and heaps and pointers real well)

Worth the time and the effort. Cheers to University if Maryland for making it available and to Professor Hicks for his hard work.

Thank you for an insightful look at the world of software security. If I were to make a suggestion it would be to include a refresher module about programming in C. I find it odd that the syllabus wouldn't include some basics on C (while assuming the student is fluid with C) and yet, the course had a couple of modules to explain the most basic of web functionalities like server and client paradigm. I think some students of this course have that kind of knowledge mastered, and would have liked a refreshment for C to have an easier time in the earlier weeks.

Learnt a lot. Quite a lot of background required esp. if you've never debugged/analyzed memory locations/ of C programs before. I'm a web developer and write php in my day to day, with a little experience in C++. Being able to read C code wasn't too much of a problem. Very hard, however, was figuring out how to use gdb properly to analyze/ debug -- to calculate the distance between two memory locations, for example. That wasn't something I cared to anguish over.

I personally enjoyed the course. It covers number of topics in software security. Although I find this course pretty easy (read basic), I can understand that the goal of the course is to introduce and focus security in the software development process itself, hence it is brief. I would have liked if more "practical" work was there in the course. I liked all the assignments as well as projects, few of them were really good.

Very good course. Very good introduction to some interesting concepts in software security. Well explained. Maybe introduce more practical exercises. They could also include references to places where you can practice the concepts learned. For example repositories as vulnhub and others are sites where you can put into practice exercises. It however is a course that is very well explained ...

Described security issues are very practical & real. Material built in a structured and logical way. Very interesting interviews with the Expert from the certain security areas that gives oppertunity to see how it works from inside. Had some issues with the Projects passing due to the way how questions built - it took more time to understood questions then to find a response on it.

Good foundations, feels a bit dated though as the Web Security sections seem more focused on vulnerabilities more common in PHP/pre-Web 2.0 & the rise of modern frameworks such as Ruby on Rails, which is surprising for a series that came out in 2014. Still essential knowledge though for software security 101.

Excellent informative course. I specially find week 3-6 more interesting and relatable to my work. Week 1 - 2 are also informative but are heavily depends on C programming language. The projects are mildly challenging but are bit outdated, uses Virtual Box and stuff. I hope they update them with Docker.

I wanna thank Dr Michael but in fact the course wants some editing. First you should write the prerequisite courses for it also a link for each one would be generous. Second we should have more practical exercise done by the instructors live to explain more.. Thank you

This course is totally recommended for developers and architects no matter the programming language you use.

In my opinion, the only thing that I missed was a project for the penetration testing week.

Contents are very well teached and the interviews were awesome.

The course was taught well and contained very interesting and relevant content. However, an increase of projects would be beneficial as I feel just spitting out facts learned from the videos doesn't really make the information stick in a meaningful way.

Some parts of the course were more advanced (Program Analysis), while some briefly touched the topic (Penetration Testing). Web Application Security was almost there, while Low Level Security was just right!

Keep up the good work, recommended +++++

Solid course in software security. Really clear explanation of looking under the covers of how buffer overflows work. However, the virtual machines are four years out of date and getting them running for the labs were a major pain.

I really enjoyed the hands-on C exploit labs. That deserves a six week course on its own. The rest of the material provides a good introduction to tooling and general concepts. I feel like it is two different courses, in a way.