1 / 8

Course overview

Engineering Secure Software. Course overview. Vulnerability of the Day. Each day, we will cover a different type of code-level vulnerability Usually a demo How to avoid, detect, and mitigate the issue Most will link to the Common Weakness Enumeration http://cwe.mitre.org.

makani
Download Presentation

Course overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Engineering Secure Software Course overview

  2. Vulnerability of the Day • Each day, we will cover a different type of code-level vulnerability • Usually a demo • How to avoid, detect, and mitigate the issue • Most will link to the Common Weakness Enumeration • http://cwe.mitre.org

  3. In-Class Activities • Most days, we will cover a tool or technique • Many activities are interactive and collaborative in nature • …so attendance is necessary • Activities are for learning • Formative feedback, not summative • No submissions (usually) – instructor checks in class • Exams will have questions about those activities

  4. Exams • Exam 1, Exam 2, & Final exam • Closed book • Closed computer • Covers lecture material, VotD, textbook, and activities

  5. Fuzz Testing Project • We will have one larger programming project • Building a tool for automated security testing • More info next week

  6. Case Study • Choose a large software project to study • Source code must be available (>10k SLOC) • Domain must have security risks • History of vulnerabilities must be available • Instructor approved • Paper with chapters on: • Security risks of the domain • Design risks • Code inspection results • Iterative paper writing • Multiple submissions over the quarter • You are graded on the content and how you react to my feedback

  7. Case Study Ideas • Tomcat • MySQL • PostGreSQL • Linux kernel • PHP • Ruby • Ruby on Rails • Hibernate • Wireshark • Wordpress • Firefox • Chromium • Drupal • MediaWiki • Apache httpd • Android • Java • X Windows • Gnome • KDE • Thunderbird • PHPMyAdmin • RT • Django • OpenSSL • VLC • Samba • Quagga • Joomla • GLibC • OpenMRS • Pidgin

  8. For Next Time • Get into groups of 3 for the case study • If need be, we can have one or two pairs • Use your GoogleDocs@RIT account • Create a Collection named “SE331 X” where X is your case study (you can rename it if you change) • Add andy.meneely@gmail.com as an editor • Due 2-1 • Case study proposal (see website)

More Related