Developing Secure Software


General Material

  1. Syllabus (NEW September 8 2015)
  2. Ubiquitous Presenter Lecture Notes
  3. Ubiquitous Presenter Interactive Tutorial
  4. Article Summary Assignment (NEW September 8 2015)
  5. Article 1 Submission Page
  6. Article 2 Submission Page
  7. Article 3 Submission Page

Exam Information

  1. Midterm Exam Review Sheet (NEW September 8 2015)
  2. Final Exam Review Sheet (NEW September 8 2015)

Lectures

  1. Week 1 Lecture 1 Introduction: What is the Security Problem and How will we deal with it? (NEW September 8 2015)
  2. Week 1 Lecture 2 Secure Software Concepts (pgs 1-28) (NEW September 8 2015)
  3. Week 2 Lecture 1 Software Security Touchpoints (pgs. 29-73) (NEW September 8 2015)
  4. Week 2 Lecture 2 Security Requirements (pgs 79-110) (NEW September 8 2015)
  5. Week 3 Lecture 1 Security Requirements Elicitation (pgs. 110-121) (NEW September 8 2015)
  6. Week 3 Lecture 2 Basic Design Principles (pgs. 127-147) (NEW September 8 2015)
  7. Week 4 Lecture 1 Threat Modeling: Who will attack us and why? (Handout) (NEW September 8 2015)
  8. Week 4 Lecture 2 Design: Enforcing the Principle of Least Privilege (pgs. 148-191) (NEW September 8 2015)
  9. Week 5 Lecture 1 Design Aspects (Architecture) (pgs 192-227) (NEW September 8 2015)
  10. Week 5 Lecture 2 Design Aspects (Architecture) (pgs 192-227) (NEW September 8 2015)
  11. Week 6 Lecture 1 Catch Up (NEW September 8 2015)
  12. Week 6 Lecture 2 Midterm Exam
  13. Week 7 Lecture 1 Code Review with a Tool: Detecting our implementation mistakes (NEW September 8 2015)
  14. Week 7 Lecture 1 Secure Software Implementation and Coding (pgs 233-295) (NEW September 8 2015)
  15. Week 8 Lecture 1 Secure Software Testing (pgs 323-343) (NEW September 8 2015)
  16. Week 8 Lecture 2 Secure Software Testing, Part 2 (pgs 344-361) (NEW September 8 2015)
  17. Week 9 Lecture 1 Software Acceptance (pgs 367-398)
  18. Week 9 Lecture 1 Secure Software Deployment (pgs 403-441) (NEW September 8 2015)
  19. Week 9 Lecture 1 Secure Software Deployment (Raw ppts) (pgs 403-441) (NEW September 8 2015)
  20. Week 10 Lecture 1 The SAMATE Project (NEW September 8 2015)
  21. Week 10 Lecture 1 The SAMATE Project (Raw ppts) (NEW September 8 2015)
  22. Week 10 Lecture 2 Wrapup and Final Exam Review

Labs

  1. Lab 1: Asset Identification (NEW September 8 2015)
  2. Lab 2: The SQUARE Process (NEW September 8 2015)
  3. Lab 3: Misuse Case Definition (NEW September 8 2015)
  4. Lab 4: Threat Modelling (NEW September 8 2015)
  5. Lab 5: Elevation of Privilege Game (NEW September 8 2015)
  6. Lab 6: Proxies at the Casino Royale and Books of Insecurity (NEW September 8 2015)
  7. Lab 7: Of Bugs and Finding Them (NEW September 8 2015)
  8. Lab 8: Penetration testing and Finding What is out there (NEW September 8 2015)
  9. Lab 9: Fuzz Testing (NEW September 8 2015)

Videos

  1. Elevation of Privilege (EoP) Threat Modeling Card Game
  2. Microsoft SDL Threat Modeling Tool