Secure Coding mailing list archives
Re: Strategies for teaching secure coding practices
From: Jose Nazario <jose () monkey org>
Date: Fri, 12 Dec 2003 17:53:49 +0000
On Fri, 12 Dec 2003, Carl G. Alphonce wrote:
> I am a recent subscriber to this list and also an educator. I teach primarily undergraduate courses, often the first and second semester courses, and I am very interested to hear from the list what you all consider to be important "secure coding" topics to cover in these first-year classes.
safe string handling routines. don't teach sprintf(), teach snprintf(). etc etc etc ... ignore unsafe routines in favor of teaching safe routines as the default, and teach the caveats, too (sizeof() a pointer vs strlen()). default to using u_int as a counter type (ie u_int i; for(i = 0; i < MAX_SIZE; i++) {...}). these little things add up. you can't hope that anyone will ever do anything long-term when you teach it as an afterthought. have students audit each other's code. have students test each other's applications (ie input letters into a calculator, what happens?).
> Also, what topics do you feel should be covered in an undergraduate curriculum but later than the first year?
analysis of existing designs, new designs with security in mind, auditing techniques, etc ... remember: security flaws are a subset of bugs where you introduce new (and unexpected) functionality.

___________________________
jose nazario, ph.d. [EMAIL PROTECTED]
http://monkey.org/~jose/
http://infosecdaily.net/
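The string-handling advice in the message above, as an added C example that is not part of the original post: snprintf() with its return value checked for truncation, the sizeof()-on-a-pointer caveat, and an unsigned counter bounded by the buffer capacity. The names `build_greeting`, `count_alpha` and `NAME_MAX_LEN` and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16  /* constructed limit for this example */

/* Caveat: inside this function sizeof(dst) would be the size of a pointer,
 * not of the caller's array, so the capacity is passed in explicitly.
 * Returns 0 on success, -1 on bad arguments, error or truncated output. */
int build_greeting(char *dst, size_t dstsz, const char *name)
{
    int n;

    if (dst == NULL || dstsz == 0 || name == NULL)
        return -1;
    n = snprintf(dst, dstsz, "hello, %s", name);
    /* snprintf returns the length it wanted to write; n >= dstsz means the
     * result was cut short (the buffer is still NUL-terminated). */
    if (n < 0 || (size_t)n >= dstsz)
        return -1;
    return 0;
}

/* Unsigned counter bounded by the capacity: counts ASCII letters and never
 * reads past cap, even if the terminating NUL is missing. */
unsigned int count_alpha(const char *s, size_t cap)
{
    unsigned int i, letters = 0;

    for (i = 0; i < cap && s[i] != '\0'; i++)
        if ((s[i] >= 'a' && s[i] <= 'z') || (s[i] >= 'A' && s[i] <= 'Z'))
            letters++;
    return letters;
}

int main(void)
{
    char buf[NAME_MAX_LEN];
    /* constructed inputs: one that fits, one that does not */
    const char *inputs[] = { "student", "a-name-that-is-far-too-long" };
    unsigned int i;

    for (i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
        /* sizeof(buf) is correct here: buf is an array in this scope */
        int rc = build_greeting(buf, sizeof(buf), inputs[i]);
        printf("rc=%d buf=\"%s\" letters=%u\n", rc, buf,
               count_alpha(buf, sizeof(buf)));
    }
    return 0;
}
```

The second input shows why the return value matters: the buffer stays terminated, but the caller is told the string was truncated instead of silently using a shortened value.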