Mar 21, 2023  
2019-2020 Undergraduate Academic Catalog 
2019-2020 Undergraduate Academic Catalog [ARCHIVED CATALOG]

Add to Portfolio (opens a new window)

SE 4930 - Developing Secure Software

2 lecture hours 2 lab hours 3 credits
Course Description
The complexity of software applications and the value of the data being handled by these applications has risen significantly in recent times. Unfortunately, this has been accompanied by an increased number of malicious attacks trying to gain unauthorized access privileged data. Many of these attacks are successful because good “secure” development practices were not followed. This course provides an overview of the various techniques and best-practices used in the different phases of a software development life cycle targeted towards the development of secure software. Students will work in teams using professional tools to analyze the security of existing systems, and students will read professional publications dealing with software security. (prereq: SE 2840  and SE 2800 , or consent of instructor)
Course Learning Outcomes
Upon successful completion of this course, the student will be able to:
  • Analyze a software architecture for potential security vulnerabilities and weaknesses
  • Analyze the threats against a software system and determine mitigation actions for these threats
  • Apply the principle of least privilege to software design and security
  • Perform an Architectural Risk Analysis on a software application
  • Assess a software package for security vulnerabilities using a commercial grade static analysis tool

Prerequisites by Topic
  • Basic Web applications development
  • Core software engineering discipline/process
  • Basic UML design
  • Use case analysis
  • Use case scenario development

Course Topics
  • Introduction (1 class)
  • Exam and review (2 classes)
  • Course review and assessment (1 class)
  • The security problem (1 class)
  • Software security touchpoints (1 class)
  • Security requirements (1 class)
  • Abuse cases (1 class)
  • Design principles (2 classes)
  • Threat modeling (1 class)
  • Architectural risk analysis (1 class)
  • Static analysis (1 class)
  • Implementation mistakes (2 classes)
  • Security testing (2 classes)
  • Software security deployment (1 class)
  • The current state/ current events (2 classes)

Laboratory Topics
  • Asset identification and analysis
  • Requirements analysis
  • Abuse case modeling
  • Hacking tutorial
  • Architectural design
  • Threat Modeling / Architectural Risk Analysis with the Microsoft SDL Threat Modeling Tool
  • Static analysis with the Fortify Static Analysis Tool
  • Penetration testing tutorial
  • Security Testing Tutorial
  • Emerging topics

Dr. Walter Schilling

Add to Portfolio (opens a new window)