Engineering Secure Software

Slides:



Advertisements
Similar presentations
The OWASP Foundation AppSec DC Learning by Breaking A New Project for Insecure Web Apps Chuck Willis Technical Director MANDIANT
Advertisements

CSC 171 – FALL 2004 COMPUTER PROGRAMMING LECTURE 0 ADMINISTRATION.
Csc111 :Programming with Java First semester H.
Research Trends in Software Engineering – CS661 Shafay Shamail Malik Jahan Khan.
INTRO TO MAKING A WEBSITE Mark Zhang.  HTML  CSS  Javascript  PHP  MySQL  …That’s a lot of stuff!
Website Administration Information Systems 337 Prof. Harry Plantinga.
Content Management Systems AN INTRODUCTION. Learning Objectives To know what a Content Management System is Have an understanding of the different types.
 Dr. Natheer Khasawneh. Visual Programming CPE 411 Dr. Natheer Khasawneh Jordan University of Science and Technology.
CS 150 PERSONAL PRODUCTIVITY USING TECHNOLOGY Instructor: Xenia Mountrouidou.
GROUP PROJECTS IN SOFTWARE ENGINEERING EDUCATION Jiang Guo Department of Computer Science California State University Los Angeles April 3-4, 2009.
Computer Science 2211b Software Tools and Systems Programming.
Chapter 1: Introduction to Project Management
SE3183 Advance Web Programming Programming Session 2013/2014.
ICS 102 Computer Programming University of Hail College of Computer Science & Engineering Computer Science and Software Engineering Department.
ITMS3101: Digital Media Introduction and Overview Eng. Mohanned M. Dawoud Software Engineering University of Palestine.
Using McGraw Hill’s Connect Dr. Capers. You will need publisher code from your book (comes with purchased textbook) Click on link for your class to find.
Java Programming Computer Engineering Department JAVA Programming Course Asst. Prof. Dr. Ahmet Sayar Kocaeli University - Fall 2014.
CS 140 Computer Programming (I) Second semester (3 credits) Imam Mohammad bin Saud Islamic University College of Computer Science and Information.
Dynamic Pages – Quiz #11 Feedback (under assignments) Lecture Code:
Engineering Secure Software. Vulnerability of the Day  Each day, we will cover a different type of code-level vulnerability Usually a demo How to avoid,
Linux Essentials Chapter 2: Investigating Linux’s Principles and Philosophy.
LINUX System : Lecture 1 Course Overview Bong-Soo Sohn Associate Professor School of Computer Science and Engineering Chung-Ang University.
BIMM118 Introductory Pharmacology Please turn OFF your cell phones!
Jongwook Woo CIS 520 Software Engineering (Syllabus) Jongwook Woo, PhD California State University, LA Computer and Information System.
SE-280 Dr. Mark L. Hornick 1 SE-280 Software Engineering Process Dr. Mark L. Hornick web: myweb.msoe.edu/hornick SE280 info syllabus,
SCHILLER INTERNATIONAL UNIVERSITY
Operating Systems Lecture 1 Jinyang Li. Class goals Understand how an OS works by studying its: –Design principles –Implementation realities Gain some.
EEL4720/5721 Reconfigurable Computing Greg Stitt Associate Professor.
CS Welcome to CS 5383, Topics in Software Assurance, Toward Zero-defect Programming Spring 2007.
SE-2030 Software Engineering Tools and Practices SE-2030 Dr. Mark L. Hornick 1.
Please initial the attendance roster near the door. If you are on the Wait List you will find your name at the bottom. If you are not on the roster, please.
Asst. Prof. Dr. Mongkut Piantanakulchai
Fall 2012 Professor C. Van Loan Introduction to CSE Using Matlab GUIs CS 1115.
CPE433: Performance Evaluation and Modeling Introduction Dr. Gheith Abandah د. غيث علي عبندة.
Please initial the attendance roster near the door. If you are on the Wait List you will find your name at the bottom. If you are not on the roster, please.
Course Information CSE 2031 Fall Instructor U. T. Nguyen /new-yen/ Office: CSEB Office hours:  Tuesday,
Course Overview Stephen M. Thebaut, Ph.D. University of Florida Software Engineering.
Welcome to Open Source Technology An Overview of Software By Afroz Hippargi, CIT, YASHADA, Pune.
This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses. ©Copyright Network Development Group Module 2 Open Source.
Google Summer of Code™ "Flip bits not burgers"
EnhanceEdu IIIT-Hyderabad. Agenda What’s a wiki? Comparison with a website Wiki Formatting ‘My’ Page Fun with wiki 2EnhanceEdu, IIIT-Hyderabad.
Chapter 13 Web Application Infrastructure
Computer Network Fundamentals CNT4007C
Welcome to CS 4390/CS5381: Introduction to Formal Methods
CPE741: Distributed Systems Course Introduction
Chapters Included sections are indicated in the syllabus.
Computer Networks CNT5106C
Welcome!! Sign by your name on the papers by the door.
CPE741: Distributed Systems Course Introduction
CPE741: Distributed Systems Course Introduction
Drupal VM and Docker4Drupal For Drupal Development Platform
Department of Computer Science, Florida State University
Drupal VM and Docker4Drupal as Consistent Drupal Development Platform
Hybrid Course Overview & Requirements
Information Systems Security Winter
Computer Networks CNT5106C
Chapter 0 The Course Plan.
Chapter 0 The Course Plan.
Hybrid Course Overview & Requirements
Engineering Secure Software
Web Technology Overview
Introduction to Statistics
CS5103 Software Engineering
Computer Networks CNT5106C
CS-240 Course Overview Dr. Wilkerson.
Computer Engineering Department Islamic University of Gaza
Information Technologies Anselm Spoerri PhD (MIT)
CS201 – Course Expectations
Presentation transcript:

Engineering Secure Software Course overview

Vulnerability of the Day Each day, we will cover a different type of code-level vulnerability Usually a demo How to avoid, detect, and mitigate the issue Most will link to the Common Weakness Enumeration http://cwe.mitre.org

In-Class Activities Most days, we will cover a tool or technique Many activities are interactive and collaborative in nature …so attendance is necessary Activities are for learning Formative feedback, not summative No submissions (usually) – instructor checks in class Exams will have questions about those activities

Exams Midterm & Final exam Closed book Closed computer Covers lecture material, VotD, textbook, and activities

Case Study Choose a large software project to study Source code must be available (>10k SLOC) Domain must have security risks History of vulnerabilities must be available Instructor approved Paper with chapters on: Security risks of the domain Design risks Code inspection results Iterative paper writing Multiple submissions over the quarter You are graded on the content and how you react to my feedback

Case Study Ideas Tomcat Chromium RT MySQL Drupal Django PostGreSQL MediaWiki OpenSSL Linux kernel Apache httpd VLC PHP Android Samba Ruby Java Quagga Ruby on Rails X Windows Joomla Hibernate Gnome GLibC Wireshark KDE OpenMRS Wordpress Thunderbird Pidgin Firefox PHPMyAdmin

Fuzz Testing Project We will have one larger programming project Building a tool for automated security testing More info to be announced later

For Next Time Get into groups of 3 for the case study If need be, we can have one or two pairs Use your GoogleDocs@RIT account Create a Collection named “SE331 X” where X is your case study (you can rename it if you change) Add andy.meneely@gmail.com as an editor Due 2-1 Case study proposal (see website)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.