Building Secure Software

Course Description:  The objectives of this course are to expose students to techniques and practices related to secure software development and integration. The focus is practical with discussions on why and how mechanisms ensure security, what level of security is provided, and how hostile adversaries might violate the mechanisms. Programming flaws, methods to avoid and correct flaws, and economic cost of software bugs are also addressed. 

Lec	Topic	PPT Slides
1	Intro. to Information Security	Lecture notes
2	Introduction to software security	Lecture notes
3	Risk Management Homework 1 Due: 01/27	Lecture notes
4	Software Development Process	Lecture notes
5	Software Security Touchpoints	Lecture notes
6	Code Review	Lecture notes
7	Architectural Risk Analysis	Lecture notes
8	UML Security	Lecture notes
9	Misuse Cases Homework 2 Due: 02/22	Lecture Notes
10	Software Reliability	Lecture notes
11	Penetration Testing Risk-Based Security Testing	Lecture notes Lecture notes
12	Security Operations	Lecture notes
13	Taxonomy of Coding Errors	Lecture notes
14	Buffer Overruns Improper use of SSL	D.Bates       A. Wang Lecture notes D.Mingzhe Lecture notes
15	Format string problems Integer overflow	S. Gowan Lecture notes J. Kirby Lecture notes 1. W. Falls Lecture notes 2.
16	SQL Injection Command Injections	J. Beery A. Crowell Lecture notes A. Paixao Lecture notes
17	Failure to handle Errors Information Leakage	M. Abdullah Lecture notes     Additional slides A. Small D. Biggers Lecture notes
18	Cross-site scripting Race conditions	A. Neeraj N. Kain Lecture notes M. Sharaf M. Mai Lecture notes
19	National Standards	Lecture slides
20	National Standards	Lecture notes Final Exam Review
Project 1.  ANTI-PHISHING SOFTWARE, Michelle Mature, Devin Biggers, Aaron Smalls,  http://s2.webstarts.com/CSCE548Group3/index.html    1.  slides 2.  Secure Account Management Database, Willis Falls,  Alishia Jenkins, Nicholas Kain, https://sites.google.com/site/csce548group8/home 2.    slides 3.  Mockup, Dwayne Bates,  http://code.google.com/p/csce492spring2010/downloads/list  3.   slides
Project 1.      J2ME Challenge-Response OTP, Curry Dulcie, Alex Wong http://sites.google.com/site/csceproject548/home 1.       slides 2.      Web Application Security, Neeraj Agrawal, Andy Kraemer, http://548.xipikes.com/index.html 2.       slides 3.      A Method of Developing Secure Software for Nuclear Power Plants, Daniel Du, Jeffrey Kirby, Mohamed Sharaf,   https://sites.google.com/site/csce548group5/ 3.       slides
Project  1.  Secure, Role-Based Workflow Model, Jason Beery, Adam Crowell, Stephen Gowan, and Antonio Paixao,  http://www.cse.sc.edu/~beery/index.html 1.       slides