Presentation is loading. Please wait.

Presentation is loading. Please wait.

Engineering Secure Software

Published byEdiz Keleş Modified over 5 years ago

Similar presentations

Presentation on theme: "Engineering Secure Software"— Presentation transcript:

1 Engineering Secure Software
Course overview

2 Vulnerability of the Day
Each day, we will cover a different type of code-level vulnerability Usually a demo How to avoid, detect, and mitigate the issue Most will link to the Common Weakness Enumeration

3 In-Class Activities Most days, we will cover a tool or technique
Many activities are interactive and collaborative in nature …so attendance is necessary Activities are for learning Formative feedback, not summative No submissions (usually) – instructor checks in class Exams will have questions about those activities

4 Exams Midterm & Final exam Closed book Closed computer
Covers lecture material, VotD, textbook, and activities

5 Case Study Choose a large software project to study
Source code must be available (>10k SLOC) Domain must have security risks History of vulnerabilities must be available Instructor approved Paper with chapters on: Security risks of the domain Design risks Code inspection results Iterative paper writing Multiple submissions over the quarter You are graded on the content and how you react to my feedback

6 Case Study Ideas Tomcat Chromium RT MySQL Drupal Django PostGreSQL
MediaWiki OpenSSL Linux kernel Apache httpd VLC PHP Android Samba Ruby Java Quagga Ruby on Rails X Windows Joomla Hibernate Gnome GLibC Wireshark KDE OpenMRS Wordpress Thunderbird Pidgin Firefox PHPMyAdmin

7 Fuzz Testing Project We will have one larger programming project
Building a tool for automated security testing More info to be announced later

8 For Next Time Get into groups of 3 for the case study
If need be, we can have one or two pairs Use your account Create a Collection named “SE331 X” where X is your case study (you can rename it if you change) Add as an editor Due 2-1 Case study proposal (see website)

Download ppt "Engineering Secure Software"

Similar presentations

The OWASP Foundation AppSec DC Learning by Breaking A New Project for Insecure Web Apps Chuck Willis Technical Director MANDIANT

The OWASP Foundation AppSec DC Learning by Breaking A New Project for Insecure Web Apps Chuck Willis Technical Director MANDIANT
CSC 171 – FALL 2004 COMPUTER PROGRAMMING LECTURE 0 ADMINISTRATION.

CSC 171 – FALL 2004 COMPUTER PROGRAMMING LECTURE 0 ADMINISTRATION.
Csc111 :Programming with Java First semester 1432-1433 H.

Csc111 :Programming with Java First semester H.
Research Trends in Software Engineering – CS661 Shafay Shamail Malik Jahan Khan.

Research Trends in Software Engineering – CS661 Shafay Shamail Malik Jahan Khan.
INTRO TO MAKING A WEBSITE Mark Zhang.  HTML  CSS  Javascript  PHP  MySQL  …That’s a lot of stuff!

INTRO TO MAKING A WEBSITE Mark Zhang.  HTML  CSS  Javascript  PHP  MySQL  …That’s a lot of stuff!
Website Administration Information Systems 337 Prof. Harry Plantinga.

Website Administration Information Systems 337 Prof. Harry Plantinga.
Content Management Systems AN INTRODUCTION. Learning Objectives To know what a Content Management System is Have an understanding of the different types.

Content Management Systems AN INTRODUCTION. Learning Objectives To know what a Content Management System is Have an understanding of the different types.
 Dr. Natheer Khasawneh. Visual Programming CPE 411 Dr. Natheer Khasawneh Jordan University of Science and Technology.

 Dr. Natheer Khasawneh. Visual Programming CPE 411 Dr. Natheer Khasawneh Jordan University of Science and Technology.
CS 150 PERSONAL PRODUCTIVITY USING TECHNOLOGY Instructor: Xenia Mountrouidou.

CS 150 PERSONAL PRODUCTIVITY USING TECHNOLOGY Instructor: Xenia Mountrouidou.
GROUP PROJECTS IN SOFTWARE ENGINEERING EDUCATION Jiang Guo Department of Computer Science California State University Los Angeles April 3-4, 2009.

GROUP PROJECTS IN SOFTWARE ENGINEERING EDUCATION Jiang Guo Department of Computer Science California State University Los Angeles April 3-4, 2009.
Computer Science 2211b Software Tools and Systems Programming.

Computer Science 2211b Software Tools and Systems Programming.
Chapter 1: Introduction to Project Management

Chapter 1: Introduction to Project Management
SE3183 Advance Web Programming Programming Session 2013/2014.

SE3183 Advance Web Programming Programming Session 2013/2014.
ICS 102 Computer Programming University of Hail College of Computer Science & Engineering Computer Science and Software Engineering Department.

ICS 102 Computer Programming University of Hail College of Computer Science & Engineering Computer Science and Software Engineering Department.
ITMS3101: Digital Media Introduction and Overview Eng. Mohanned M. Dawoud Software Engineering University of Palestine.

ITMS3101: Digital Media Introduction and Overview Eng. Mohanned M. Dawoud Software Engineering University of Palestine.
Using McGraw Hill’s Connect Dr. Capers. You will need publisher code from your book (comes with purchased textbook) Click on link for your class to find.

Using McGraw Hill’s Connect Dr. Capers. You will need publisher code from your book (comes with purchased textbook) Click on link for your class to find.
Java Programming Computer Engineering Department JAVA Programming Course Asst. Prof. Dr. Ahmet Sayar Kocaeli University - Fall 2014.

Java Programming Computer Engineering Department JAVA Programming Course Asst. Prof. Dr. Ahmet Sayar Kocaeli University - Fall 2014.
CS 140 Computer Programming (I) Second semester- 2014-2015 (3 credits) Imam Mohammad bin Saud Islamic University College of Computer Science and Information.

CS 140 Computer Programming (I) Second semester (3 credits) Imam Mohammad bin Saud Islamic University College of Computer Science and Information.
Dynamic Pages – Quiz #11 Feedback (under assignments) Lecture Code: 104087

Dynamic Pages – Quiz #11 Feedback (under assignments) Lecture Code:
Engineering Secure Software. Vulnerability of the Day  Each day, we will cover a different type of code-level vulnerability Usually a demo How to avoid,

Engineering Secure Software. Vulnerability of the Day  Each day, we will cover a different type of code-level vulnerability Usually a demo How to avoid,

Similar presentations

Ads by Google