Presentation is loading. Please wait.

Presentation is loading. Please wait.

Engineering Secure Software

Published byAnnabel Merritt Modified over 6 years ago

Similar presentations

Presentation on theme: "Engineering Secure Software"— Presentation transcript:

1 Engineering Secure Software
Course overview

2 Vulnerability of the Day
Each day, we will cover a different type of code-level vulnerability Usually a demo How to avoid, detect, and mitigate the issue Most will link to the Common Weakness Enumeration

3 In-Class Activities Most days, we will cover a tool or technique
Many activities are interactive and collaborative in nature …so attendance is necessary Activities are for learning Formative feedback, not summative No submissions (usually) – instructor checks in class Exams will have questions about those activities

4 Exams Exam 1, Exam 2, & Final exam Closed book Closed computer
Covers lecture material, VotD, textbook, and activities

5 Fuzz Testing Project We will have one larger programming project Goal:
Build a tool for automated security testing Web applications Continuous Integration Individuals, not teams Goal: How do we automate exploratory testing? What can be automated easily, what can’t?

6 Vulnerability History Project
What are the origins of past vulnerabilities? What are the mistakes that led to a vulnerability being introduced and missed? What can we learn from history? Some writing, lots of investigation Peer review process as well

7 Case Study Choose a large software project to study
Source code must be available (>10k SLOC) Domain must have security risks History of vulnerabilities must be available Instructor approved Paper with chapters on: Security risks of the domain Design risks Code inspection results Iterative paper writing Multiple submissions You are graded on the content and how you react to my feedback

8 Reading Quizzes McGraw has a different approach and perspective worth seeing Quizzes will be: Done through myCourses On your own time (i.e. open book) Multiple choice Multiple attempts

Download ppt "Engineering Secure Software"

Similar presentations

CMPT 275 Software Engineering

CMPT 275 Software Engineering
Slide 01-1COMP 7370, Auburn University COMP 7370 Advanced Computer and Network Security Dr. Xiao Qin Auburn University

Slide 01-1COMP 7370, Auburn University COMP 7370 Advanced Computer and Network Security Dr. Xiao Qin Auburn University
Learning and Teaching Conference 2012 Skill integration for students through in-class feedback and continuous assessment. Konstantinos Dimopoulos City.

Learning and Teaching Conference 2012 Skill integration for students through in-class feedback and continuous assessment. Konstantinos Dimopoulos City.
Using SAM 2007 & Aplia In Online Courses. Don Danner San Francisco State University

Using SAM 2007 & Aplia In Online Courses. Don Danner San Francisco State University
Engineering Secure Software. The Power of Source Code  White box testing Testers have intimate knowledge of the specifications, design, Often done by.

Engineering Secure Software. The Power of Source Code  White box testing Testers have intimate knowledge of the specifications, design, Often done by.
Designing an Effective Course Curriculum Ponnurangam K (“PK”) Indo-US Workshop on Effective Teaching at College / University Level Feb 10, 2011.

Designing an Effective Course Curriculum Ponnurangam K (“PK”) Indo-US Workshop on Effective Teaching at College / University Level Feb 10, 2011.
Course Orientation Tests & Quizzes Tool. If the instructor has added “Tests & Quizzes” to the course as a form of assessment, click on the link in the.

Course Orientation Tests & Quizzes Tool. If the instructor has added “Tests & Quizzes” to the course as a form of assessment, click on the link in the.
CSCE 312 Computer Organization Lecture 0: Course Administration EJ Kim Department of Computer Science and Engineering 338B Bright 979-845-3660.

CSCE 312 Computer Organization Lecture 0: Course Administration EJ Kim Department of Computer Science and Engineering 338B Bright
Using MyMathLab Features You must already be registered or enrolled in a current MyMathLab class in order to use MyMathLab. If you are not registered or.

Using MyMathLab Features You must already be registered or enrolled in a current MyMathLab class in order to use MyMathLab. If you are not registered or.
 Dr. Natheer Khasawneh. Visual Programming CPE 411 Dr. Natheer Khasawneh Jordan University of Science and Technology.

 Dr. Natheer Khasawneh. Visual Programming CPE 411 Dr. Natheer Khasawneh Jordan University of Science and Technology.
Course Introduction CS 2302 SPRING 2015. Course Introduction In this part we'll discuss course mechanics. Most of this will apply to all sections of the.

Course Introduction CS 2302 SPRING Course Introduction In this part we'll discuss course mechanics. Most of this will apply to all sections of the.
Advanced Computer Networks by Behzad Akbari Spring 2011 In the Name of the Most High.

Advanced Computer Networks by Behzad Akbari Spring 2011 In the Name of the Most High.
Software Evaluation Criteria Automated Assignment Applications RSCoyner 10/8/04.

Software Evaluation Criteria Automated Assignment Applications RSCoyner 10/8/04.
CSS 404 Internet Concepts. XP Objectives Developing a Web page and a Website Working with CSS (Cascading Style Sheets) Web Tables Web Forms Multimedia.

CSS 404 Internet Concepts. XP Objectives Developing a Web page and a Website Working with CSS (Cascading Style Sheets) Web Tables Web Forms Multimedia.
CMSC 345, Spring 20031 CMSC 345 Software Design and Development Spring 2003 Section 0101 Ms. Susan Mitchell “Welcome to the School of Hard Knocks”

CMSC 345, Spring CMSC 345 Software Design and Development Spring 2003 Section 0101 Ms. Susan Mitchell “Welcome to the School of Hard Knocks”
Course Introduction Software Engineering

Course Introduction Software Engineering
Wiley eGrade. What is eGrade? Web-based software that enables instructors to automate the process of assigning and grading homework and quiz assignments.

Wiley eGrade. What is eGrade? Web-based software that enables instructors to automate the process of assigning and grading homework and quiz assignments.
ICS 102 Computer Programming University of Hail College of Computer Science & Engineering Computer Science and Software Engineering Department.

ICS 102 Computer Programming University of Hail College of Computer Science & Engineering Computer Science and Software Engineering Department.
Welcome Course name Faculty name. YOUR COURSE MATERIALS Warren/Reeve/Duchac, Accounting: 22E You will… — be tested — receive homework assignments — have.

Welcome Course name Faculty name. YOUR COURSE MATERIALS Warren/Reeve/Duchac, Accounting: 22E You will… — be tested — receive homework assignments — have.
EEL4712 Digital Design. Instructor Dr. Greg Stitt Office Hours: TBD (Benton 323) Also, by appointment.

EEL4712 Digital Design. Instructor Dr. Greg Stitt Office Hours: TBD (Benton 323) Also, by appointment.

Similar presentations

Ads by Google