Apr 30, 2024  
2015-2016 Undergraduate Academic Catalog [ARCHIVED CATALOG]

SE 4930 - Developing Secure Software

2 lecture hours, 2 lab hours, 3 credits
Course Description
The complexity of software applications and the value of the data handled by these applications have risen multi-fold in recent times. Unfortunately, this has been accompanied by increased sophistication in the attacks used to gain unauthorized access to that data. When designing a malicious attack, attackers often exploit existing weaknesses and vulnerabilities in current applications. Many of these vulnerabilities result from software defects that could possibly have been avoided if good "secure" development practices had been followed. This course provides an overview of the various techniques and best practices used in the different phases of the software development life cycle that are targeted towards the development of secure software. Students will work in teams using professional tools to analyze the security of existing systems, and students will read professional publications dealing with software security. (prereq: SE 2800 or SE 2890, or consent of instructor)
Course Learning Outcomes
Upon successful completion of this course, the student will be able to:
  • Analyze a software architecture for potential security vulnerabilities and weaknesses.
  • Analyze the threats against a software system and determine mitigation actions for these threats.
  • Apply the principle of least privilege to software design and security.
  • Assess a software package for security vulnerabilities using a commercial grade static analysis tool.
  • Demonstrate professional oral communication skills when presenting on a technical design.

Prerequisites by Topic
  • None 

Course Topics
  • Introduction (1 class)
  • Exam and Review (2 classes)
  • Course review and assessment (1 class)
  • The Security Problem (1 class)
  • Software Security Touchpoints (1 class)
  • Security Requirements (1 class)
  • Abuse Cases (1 class)
  • Design Principles (2 classes)
  • Threat Modeling (1 class)
  • Static Analysis (1 class)
  • Implementation Mistakes (3 classes)
  • Security Testing (2 classes)
  • Software Security Deployment (1 class)
  • The current state/current events (2 classes)

Laboratory Topics
  • Asset identification and analysis
  • Requirements analysis
  • Abuse case modeling
  • Hacking tutorial
  • Architectural design
  • Threat Modeling with the Microsoft SDL Threat Modeling Tool
  • Static analysis with the Fortify Static Analysis Tool
  • Penetration testing tutorial
  • Fuzz testing software
  • Emerging topics

Coordinator
Walter Schilling
