COURSE OVERVIEW
Engineering Secure Software
Vulnerability of the Day
Each day, we will cover a different type of code-level vulnerability
  Usually a demo
  How to avoid, detect, and mitigate the issue
Most will link to the Common Weakness Enumeration
  http://cwe.mitre.org
In-Class Activities
Most days, we will cover a tool or technique
Many activities are interactive and collaborative in nature
  …so attendance is necessary
Activities are for learning
  Formative feedback, not summative
  No submissions (usually) – instructor checks in class
  Exams will have questions about those activities
Exams
Exam 1, Exam 2, & Final exam
  Closed book
  Closed computer
  Covers lecture material, VotD, textbook, and activities
Fuzz Testing Project
We will have one larger programming project
  Building a tool for automated security testing
  More info next week
Case Study
Choose a large software project to study
  Source code must be available (>10k SLOC)
  Domain must have security risks
  History of vulnerabilities must be available
  Instructor approved
Paper with chapters on:
  Security risks of the domain
  Design risks
  Code inspection results
Iterative paper writing
  Multiple submissions
  You are graded on the content and how you react to my feedback