Developing Secure Software


General Material

  1. Syllabus (NEW August 12 2022)
  2. Ubiquitous Presenter Lecture Notes
  3. Ubiquitous Presenter Interactive Tutorial
  4. Article Summary Assignment (NEW August 12 2022)
  5. Article 1 Submission Page
  6. Article 2 Submission Page
  7. Article 3 Submission Page

Exam Information

  1. Midterm Exam Review Sheet (NEW August 12 2022)
  2. Final Exam Review Sheet (NEW August 12 2022)

Lectures

  1. Week 1 Lecture 1 Introduction: What is the Security Problem and How will we deal with it. (NEW August 12 2022)
  2. Week 1 Lecture 2 Secure Software Concepts (pgs 1-28) (NEW August 12 2022)
  3. Week 2 Lecture 1 Software Security Touchpoints (pgs. 29-73) (NEW August 12 2022)
  4. Week 2 Lecture 2 Security Requirements (pgs 79-110) (NEW August 12 2022)
  5. Week 3 Lecture 1 Security Requirements Elicitation (pgs. 110-121) (NEW August 12 2022)
  6. Week 3 Lecture 2 Basic Design Principles (pgs. 127-147) (NEW August 12 2022)
  7. Week 4 Lecture 1 Threat Modeling: Who will attack us and why? (Handout) (NEW August 12 2022)
  8. Week 4 Lecture 2 Design: Enforcing the Principle of Least Privilege (pgs. 148-191) (NEW August 12 2022)
  9. Week 5 Lecture 1 Design Aspects (Architecture) (pgs 192-227) (NEW August 12 2022)
  10. Week 5 Lecture 2 Design Aspects (Architecture) (pgs 192-227) (NEW August 12 2022)
  11. Week 6 Lecture 1 Catch Up (NEW August 12 2022)
  12. Week 6 Lecture 2 Midterm Exam
  13. Week 7 Lecture 1 Code Review with a Tool: Detecting our implementation mistakes (NEW August 12 2022)
  14. Week 7 Lecture 1 Secure Software Implementation and Coding (pgs 233-295) (NEW August 12 2022)
  15. Week 8 Lecture 1 Secure Software Testing (pgs 323-343) (NEW August 12 2022)
  16. Week 8 Lecture 2 Secure Software Testing, Part 2 (pgs 344-361) (NEW August 12 2022)
  17. Week 9 Lecture 1 Software Acceptance (pgs 367-398)
  18. Week 9 Lecture 1 Secure Software Deployment (pgs 403-441) (NEW August 12 2022)
  19. Week 9 Lecture 1 Secure Software Deployment (Raw ppts) (pgs 403-441) (NEW August 12 2022)
  20. Week 10 Lecture 1 The SAMATE Project (NEW August 12 2022)
  21. Week 10 Lecture 1 The SAMATE Project (Raw ppts) (NEW August 12 2022)
  22. Week 10 Lecture 2 Wrapup and Final Exam Review

Labs

  1. Lab 1: Asset Identification (NEW August 12 2022)
  2. Lab 2: The SQUARE Process (NEW August 12 2022)
  3. Lab 3: Misuse Case Definition (NEW August 12 2022)
  4. Lab 4: Threat Modelling (NEW August 12 2022)
  5. Lab 5: Elevation of Privilege Game (NEW August 12 2022)
  6. Lab 6: Proxies at the Casino Royale and Books of Insecurity (NEW August 12 2022)
  7. Lab 7: Of Bugs and Finding Them (NEW August 12 2022)
  8. Lab 8: Penetration testing and Finding What is out there (NEW August 12 2022)
  9. Lab 9: Fuzz Testing (NEW August 12 2022)

Videos

  1. Elevation of Privilege (EoP) Threat Modeling Card Game
  2. Microsoft SDL Threat Modeling Tool