Note: Dates and topics are approximate and subject to change.
Date | Topics | Reading |
---|---|---|
Week 1 | ||
08/27 | Introduction to Software Security | SSBSI 1: Defining a Discipline Security Basics Security 101 (slides) |
Week 2 | ||
09/03 | HW 0 due by 8am; RVV: Security Requirements | SSBSI 8: Abuse Cases Security Requirements 3 ways abuse cases can drive security requirements Are you making software security a requirement? |
Week 3 | ||
09/10 | HW 1.requirements due by 8am; RM: Risk Management Framework | SSBSI 2: A Risk Management Framework Risk Management Testing (Review) Risk Management in Software Projects Security Requirements Engineering |
Week 4 | ||
09/17 | HW 1.tests due by 8am; D: Secure Design Principles | Principles of Computer System Design, Ch. 11 Security Design Principles Secure by Design – the Architect's Guide to Security Design Principles (slides) |
Week 5 | ||
09/24 | HW 1.code due by 8am; T: Static Analysis | SSBSI 4: Code Review with a Tool |
Week 6 | ||
10/01 | SC: Risky Resource Management | 24DSSS 5: Buffer Overruns, 6: Format String Problems, 7: Integer Overflows CWE / SANS Top 25 Software Errors: Risky Resource Management Monster Mitigations |
Week 7 | ||
10/08 | RVV: Software Verification and Validation | The verifying compiler: A grand challenge for computing research (watch the lecture at Gresham College) Hacker-Proof Coding |
Week 8 | ||
10/15 | HW 2 due by 8am; RM: Architectural Risk Analysis / Threat Modeling | SSBSI 5: Architectural Risk Analysis Planning Poker or How to avoid analysis paralysis while release planning Protection Poker: The New Software Security "Game" STRIDE and DREAD |
Week 9 | ||
10/22 | Build It due by 8am; D: Secure Design Patterns | Software-Security Patterns: Degree of Maturity Secure Design Patterns |
Week 10 | ||
10/29 | Project Work Week | |
Week 11 | ||
11/05 | T: Symbolic Execution | Introducing Symbolic Execution Symbolic Execution: A Little History Basic Symbolic Execution Symbolic Execution as Search and the Rise of Solvers Symbolic Execution Systems |
Week 12 | ||
11/12 | HW 3 due by 8am; SC: Porous Defenses | 24DSSS 16: Executing Code with Too Much Privilege, 17: Failure to Protect Stored Data, 21: Using the Wrong Cryptography |
Week 13 | ||
11/19 | Break It due by 8am; Thanksgiving Break | Alice's Restaurant |
Week 14 | ||
11/26 | SC: Insecure Interaction Between Components | 24DSSS 1: SQL Injection, 2: Web Server-Related Vulnerabilities (XSS, CSRF, Response Splitting), 3: Web Client-Related Vulnerabilities (XSS) |
Week 15 | ||
12/03 | Fix It due by 8am; 489: Paper Report due by 8am; 689: Annotation Project due by 8am | The Final Countdown |
Week 16 | ||
12/10 | No Final Exam; Have a Safe and Happy Winter Break | |