MIT 6.858: Computer Systems Security
MIT's hands-on security course. Learn to think like an attacker and build like a defender.
About This Course
MIT 6.858 covers the design and implementation of secure computer systems. The course takes a systems approach to security, covering both attack techniques and defensive mechanisms. Students gain practical experience through labs that involve exploiting and defending real software.
The course covers a broad range of security topics, from low-level memory corruption to web application security and privacy.
What You Will Learn
- Buffer Overflows: Stack smashing, return-to-libc, ROP chains
- Privilege Separation: Least privilege, sandboxing, capability-based security
- Web Security: XSS, CSRF, SQL injection, session management, content security policy
- Network Security: DNS security, TLS/SSL, Tor, anonymous communication
- OS Security: User isolation, access control, reference monitors
- Mobile Security: Android/iOS security models, application sandboxing
- Side-Channel Attacks: Timing attacks, cache attacks, Spectre/Meltdown
- Cryptography Applications: Key management, PKI, certificate transparency
Prerequisites
Operating systems (MIT 6.828 or 6.033), networking basics, C and Python programming.
Course content belongs to MIT OpenCourseWare. Licensed under Creative Commons BY-NC-SA.