3 credit/unit hours – Three hours of lecture weekly; one term

This course covers security vulnerabilities of programming in weakly typed languages like C and in more modern languages like Java. Common weaknesses exploited by attackers are discussed, as well as mitigation strategies to prevent those weaknesses. Students practice programming and analysis of software systems through testing and static analysis.

Learning Objectives

Upon completion of this course the student will be able to:

  • Differentiate between types of security vulnerabilities;
  • Describe various exploitations and risks in software;
  • Use security assurance techniques in their coding to mitigate vulnerabilities;
  • Testing and analyze software to provide security assurance; and
  • Demonstrate appropriate and ethical behavior and good work habits

Main Topics

1.0 Overview of security vulnerabilities and risks in software
2.0 Data Protection
3.0 Input validation and user authentication
4.0 Memory Management
5.0 Integer overflow and misuse of strings and pointers
6.0 Communication Vulnerabilities
7.0 Unit Testing for Security Vulnerabilities
8.0 Code Review
9.0 Vulnerabilities in Modern Languages
10.0 Standard Risk Mitigation Strategies and Resources