This course will bring together topics from programming languages, compilers, and security. My goal is to familiarize the students with the foundations of these topics by talking about compilers and runtime and then move on and cover the basics of 1) security attacks and 2) security defenses. The final portion of the course will focus on some of the recent academic research with a particular emphasis on practical systems that are actually deployed.

• Buffer overruns. History and what is relevant today when it comes to memory exploits. Worms. Heap spraying attacks. Detection and prevention.
• Web application vulnerabilities. SQL injections and cross-site scripting. JavaScript worms. Defenses and practical considerations.
• Browser security and issues with JavaScript. JavaScript is rapidly becoming the de-facto language of the web. As such, security issues that exist in the context of JavaScript are of particular interest.

Many of the topics I will touch upon in this course will serve as an example of modern research in software systems. The emphasis will be on instilling the practical researcher mindset in the students.