
CSC 436 Secure Programming

Instructor: Dr. Sviatoslav Braynov

Catalog Description: The course introduces the secure software development process including designing secure applications, writing secure code that can withstand attacks, and security testing and auditing. It focuses on the security issues a developer faces, common security vulnerabilities and flaws, and security threats. The course explains security principles, strategies, coding techniques, and tools that can help make code more resistant to attacks. Students will write and analyze code that demonstrates specific security development techniques.

Course objectives: Upon completion of this course, students will be able to:

  • Understand the basics of secure programming.
  • Understand the most frequent programming errors leading to software vulnerabilities.
  • Identify and analyze security problems in software.
  • Understand and protect against security threats and software vulnerabilities.
  • Effectively apply their knowledge to the construction of secure software systems.

Textbooks:

  • J. Viega, M. Messier. Secure Programming Cookbook, O'Reilly, 2003.
  • M. Howard, D. LeBlanc. Writing Secure Code, Microsoft, second edition, 2002.
  • J. Viega, G. McGraw. Building Secure Software, Addison Wesley, 2002.

Course Outline:

  • Introduction to software security
  • Managing software security risk
  • Selecting software development technologies
  • Open source and closed source
  • Guiding principles for software security
  • Auditing software
  • Buffer overflows
  • Access control
  • Race conditions
  • Input validation
  • Password authentication
  • Randomness and determinism
  • Anti-tampering
  • Protecting against denial-of-service attacks
  • Copy protection schemes
  • Client-side security
  • Database security
  • Applied cryptography

Method of Instruction: Lectures by the instructor, hands-on laboratories. A final laboratory project will be completed by each student. A UIS Blackboard website will be developed for the course. The site will include PowerPoint slides, URL links to related material, articles, class announcements, a student discussion area, the course syllabus, test dates, labs, projects, answers, reviews, and other information.

Evaluation methods: Tests, projects, and quizzes will be given. Grades will be assigned on a percentage basis for the following areas:

  • programming assignments - 35%
  • quizzes - 15%
  • midterm test - 25%
  • final test - 25%
