Nov 21, 2024  
2022-2023 Undergraduate Academic Catalog 
    
Catalog Navigation
  Catalog Home
  Academic Calendar
  University Overview
  Admissions Department
  Academic Regulations and Policies
  Student Financial Services
  Degrees, Minors, and Certificates by Department
  Degree Programs, Minors, and Certificates
  University Scholars Honors Program
  Reserve Officers’ Training Corps. (ROTC)
  English for Academic Purposes (EAP)
  Course Descriptions
  Administration, Regents, Faculty, and Advisory Committees
  Campus Map
  Student Resources
  My Portfolio
HELP
2022-2023 Undergraduate Academic Catalog [ARCHIVED CATALOG]

Facebook this Page (opens a new window)
Tweet this Page (opens a new window)
Add to Portfolio (opens a new window)

SE 4930 - Developing Secure Software

2 lecture hours 2 lab hours 3 credits
Course Description
The complexity of software applications and the value of the data being handled by these applications has risen significantly in recent times. Unfortunately, this has been accompanied by an increased number of malicious attacks trying to gain unauthorized access privileged data. Many of these attacks are successful because good “secure” development practices were not followed. This course provides an overview of the various techniques and best practices used in the different phases of a software development life cycle targeted towards the development of secure software. Students will work in teams using professional tools to analyze the security of existing systems, and students will read professional publications dealing with software security. (prereq: SE 2840  and SE 2800 , or consent of instructor)
Course Learning Outcomes
Upon successful completion of this course, the student will be able to:
  • Analyze a software architecture for potential security vulnerabilities and weaknesses
  • Analyze the threats against a software system and determine mitigation actions for these threats
  • Apply the principle of least privilege to software design and security
  • Perform an Architectural Risk Analysis on a software application
  • Assess a software package for security vulnerabilities using a commercial grade static analysis tool
Prerequisites by Topic
  • Basic Web applications development
  • Core software engineering discipline/process
  • Basic UML design
  • Use case analysis
  • Use case scenario development
Course Topics
  • Introduction (1 class)
  • Exam and review (2 classes)
  • Course review and assessment (1 class)
  • The security problem (1 class)
  • Software security touchpoints (1 class)
  • Security requirements (1 class)
  • Abuse cases (1 class)
  • Design principles (2 classes)
  • Threat modeling (1 class)
  • Architectural risk analysis (1 class)
  • Static analysis (1 class)
  • Implementation mistakes (2 classes)
  • Security testing (2 classes)
  • Software security deployment (1 class)
  • The current state/ current events (2 classes)
Laboratory Topics
  • Asset identification and analysis
  • Requirements analysis
  • Abuse case modeling
  • Hacking tutorial
  • Architectural design
  • Threat Modeling/Architectural Risk Analysis with the Microsoft SDL Threat Modeling Tool
  • Static analysis with the Fortify Static Analysis Tool
  • Penetration testing tutorial
  • Security Testing Tutorial
  • Emerging topics
Coordinator
Dr. Walter Schilling


Facebook this Page (opens a new window)
Tweet this Page (opens a new window)
Add to Portfolio (opens a new window)