May 11, 2024
SE 4930 - Developing Secure Software
2 lecture hours 2 lab hours 3 credits
Course Description
The complexity of software applications and the value of the data being handled by these applications have risen multi-fold in recent times. Unfortunately, this has been accompanied by the increased sophistication of the attacks used to gain unauthorized access to that data. When designing a malicious attack, attackers often exploit existing weaknesses and vulnerabilities in the current applications. Many of these vulnerabilities are a result of software defects that could possibly have been avoided if good “secure” development practices were followed. This course provides an overview of the various techniques and best practices used in the different phases of a software development life cycle that are targeted towards the development of secure software. Students will work in teams using professional tools to analyze the security of existing systems, and students will read professional publications dealing with software security. (prereq: SE 2800 or SE 2890, or consent of instructor)
Course Learning Outcomes
Upon successful completion of this course, the student will be able to:
- Analyze a software architecture for potential security vulnerabilities and weaknesses
- Analyze the threats against a software system and determine mitigation actions for these threats
- Apply the principle of least privilege to software design and security
- Assess a software package for security vulnerabilities using a commercial grade static analysis tool
- Demonstrate professional oral communication skills when presenting on a technical design
Prerequisites by Topic
Course Topics
- Introduction (1 class)
- Exam and Review (2 classes)
- Course review and assessment (1 class)
- The Security Problem (1 class)
- Software Security Touchpoints (1 class)
- Security Requirements (1 class)
- Abuse Cases (1 class)
- Design Principles (2 classes)
- Threat Modeling (1 class)
- Static Analysis (1 class)
- Implementation Mistakes (3 classes)
- Security Testing (2 classes)
- Software Security Deployment (1 class)
- The current state/current events (2 classes)
Laboratory Topics
- Asset identification and analysis
- Requirements analysis
- Abuse case modeling
- Hacking tutorial
- Architectural design
- Threat Modeling with the Microsoft SDL Threat Modeling Tool
- Static analysis with the Fortify Static Analysis Tool
- Penetration testing tutorial
- Fuzz testing software
- Emerging topics
Coordinator Walter Schilling