Upload File

engineering secure software. vulnerability of the day each day, we will cover a different type of...

  • Home
  • Documents
  • Engineering Secure Software. Vulnerability of the Day Each day, we will cover a different type of code-level vulnerability Usually a demo How to avoid,
6
COURSE OVERVIEW Engineering Secure Software

Upload: josephine-warner

Post on 02-Jan-2016

212 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Engineering Secure Software. Vulnerability of the Day Each day, we will cover a different type of code-level vulnerability Usually a demo How to avoid,

COURSE OVERVIEWEngineering Secure Software

Page 2: Engineering Secure Software. Vulnerability of the Day Each day, we will cover a different type of code-level vulnerability Usually a demo How to avoid,

Vulnerability of the Day

Each day, we will cover a different type of code-level vulnerabilityUsually a demoHow to avoid, detect, and mitigate the issue

Most will link to the Common Weakness Enumerationhttp://cwe.mitre.org

http://cwe.mitre.org/
Page 3: Engineering Secure Software. Vulnerability of the Day Each day, we will cover a different type of code-level vulnerability Usually a demo How to avoid,

In-Class Activities Most days, we will cover a tool or technique

Many activities are interactive and collaborative in nature…so attendance is necessary

Activities are for learningFormative feedback, not summativeNo submissions (usually) – instructor checks in

classExams will have questions about those activities

Page 4: Engineering Secure Software. Vulnerability of the Day Each day, we will cover a different type of code-level vulnerability Usually a demo How to avoid,

Exams

Exam 1, Exam 2, & Final exam

Closed book Closed computer Covers lecture material, VotD, textbook,

and activities

Page 5: Engineering Secure Software. Vulnerability of the Day Each day, we will cover a different type of code-level vulnerability Usually a demo How to avoid,

Fuzz Testing Project

We will have one larger programming projectBuilding a tool for automated security testingMore info next week

Page 6: Engineering Secure Software. Vulnerability of the Day Each day, we will cover a different type of code-level vulnerability Usually a demo How to avoid,

Case Study Choose a large software project to study

Source code must be available (>10k SLOC) Domain must have security risks History of vulnerabilities must be available Instructor approved

Paper with chapters on: Security risks of the domain Design risks Code inspection results

Iterative paper writing Multiple submissions You are graded on the content and how you react to my feedback


STUNN - Demo Day // Presentation

Imago demo day storyboard

Postling Demo Day

AppFollow Demo Day ФРИИ

Startup Braga - Demo Day

Demo Day 071014

Floqq - 500Startups Demo Day

DreamBox Demo Day Webinar

BuildingLayer demo day slide deck

TechStars Demo Day 2009

BSB Demo Day - Pletschacher - Evaluationswerkzeuge

Tutkimusparvi at Mlab Demo Day

StartupYard 2013 Demo Day - Handout

PeaZy - Demo Day presentation

HighScoreHouse - 500Startups Demo Day

Sematools #TiEBootcamp Demo Day Pitch

BrandBoards demo day pitch deck

ViralGains Demo Day Presentation

BSB Demo Day - Mühlberger - Dokumentstrukturanalyse

cybersecurity dictionary · ZERO-DAY VULNERABILITY Or zero-day attacks take advantage of a security vulnerability on the same day that the vulnerability becomes publicly known (zero-day)

Daily rounds ny demo day

Treashare #TiEBootcamp Demo day pitch

BSB Demo Day - Zechmeister - Bildoptimierung

Demo day rockstars!

Vulnerability of the Day

StockViews Demo Day presentation

Xoom park demo day presentation3

Posters - Demo Day Announcement

Demo Day #4 rockstars!

Demo Day Playbook

ENISA Presentación Tech Demo Day

QRcao Demo Day Keynote

Super demo day decks

StartupYard 2012 Demo Day - Handout

StartupYard 2012 Demo Day - Spectu