Lecturer: Eduardo R. B. Marques
Class schedule: Thursday, 14:00 - 17:00
Questions & announcements: Piazza
Aims & expected learning outcomes
QSES provides an introduction to secure software development. Students learn how to make use of core principles, techniques, and tools for secure software engineering to prevent/detect/fix some of the most common classes of software security vulnerabilities. These skills are exercised through project assignments.
Security & software engineering
- Introductory concepts.
- Principles & pitfalls in secure software design.
- Security touchpoints in the software development life-cycle.
Building security in - techniques and tools for secure software development & validation, including:
- Input validation.
- Secure programming idioms.
- Security-oriented code reviews using static program analysis.
- Security-oriented program testing.
Handling of common security vulnerabilities, including:
- Injection (commands, code, SQL, ...).
- Buffer overflows.
- Web application specific vulnerabilities (XSS, CSRF, ...).
- Information flow & leakage.
- Concurrency-related vulnerabilities.
- 60 %: final exam.
- 40 %: project assignments.