Building Secure Software


Course Description:  The objectives of this course are to expose students to techniques and practices related to secure software development and integration. The focus is practical with discussions on why and how mechanisms ensure security, what level of security is provided, and how hostile adversaries might violate the mechanisms. Programming flaws, methods to avoid and correct flaws, and economic cost of software bugs are also addressed. 
Lec
Topic
PPT Slides
1
Intro. to Information Security

2
Introduction to software security
3
Risk Management

Due: 01/27
4
Software Development Process
5
Software Security Touchpoints
6
Code Review
7
Architectural Risk Analysis
8
UML Security
9
Misuse Cases

Due: 02/22


10
Software Reliability

11
Penetration Testing

Risk-Based Security Testing

12
Security Operations
13
Taxonomy of Coding Errors
14
Buffer Overruns


Improper use of SSL
D.Bates       A. Wang

D.Mingzhe
15
Format string problems



Integer overflow
S. Gowan
J. Kirby
W. Falls
16
SQL Injection

Command Injections
J. Beery A. Crowell

A. Paixao
17
Failure to handle Errors




Information Leakage
M. Abdullah
  
 Additional slides

A. Small D. Biggers
18
Cross-site scripting



Race conditions
A. Neeraj N. Kain

M. Sharaf M. Mai
19
National Standards
Lecture slides
20
National Standards

Project
1.  ANTI-PHISHING SOFTWARE, Michelle Mature, Devin Biggers, Aaron Smalls,  http://s2.webstarts.com/CSCE548Group3/index.html  

 1.  slides

2.  Secure Account Management Database, Willis Falls,  Alishia Jenkins, Nicholas Kain, https://sites.google.com/site/csce548group8/home

2.    slides


 3.   slides
Project
1.      J2ME Challenge-Response OTP, Curry Dulcie, Alex Wong http://sites.google.com/site/csceproject548/home
1.       slides

2.      Web Application Security, Neeraj Agrawal, Andy Kraemer, http://548.xipikes.com/index.html

2.       slides

3.      A Method of Developing Secure Software for Nuclear Power Plants, Daniel Du, Jeffrey Kirby, Mohamed Sharaf,   https://sites.google.com/site/csce548group5/

3.       slides
Project

 1.  Secure, Role-Based Workflow Model, Jason Beery, Adam Crowell, Stephen Gowan, and Antonio Paixao,  http://www.cse.sc.edu/~beery/index.html

1.       slides


No comments: