Secure Coding mailing list archives

University lecture on Sec Sw Eng online


From: rcs at cert.org (Robert C. Seacord)
Date: Fri, 03 Aug 2007 09:06:01 -0400


In an off-line conversation, Holger suggested I put up a pointer to the
undergraduate course in "Secure Programming" I offered this past spring
in the School of Computer Science at CMU:

https://www.securecoding.cert.org/confluence/display/sci/15392+Secure+Programming

This course probably overlaps somewhat with Holger's Secure Coding
lectures but also contains additional material.

The course uses the Addison-Wesley book "Secure Coding in C and C++" as
a text.

rCs

I recently completed a lecture on secure software engineering,
and I guess there are quite a few people on this list who could
make use of some of the material, whether for their own presentations
or simply for teaching themselves.

The lecture was given at Kaiserslautern University of Technology as
12 lessons of 90 minutes (each comprising about 35 slides) in English;
note that the accompanying student exercise problems are in German,
however.

The chapters (of varying length, as indicated by their mapping to
lessons) are as follows:

01    IT Security and Software Security
02    Fundamental Notions and Definitions
03a   Vulnerabilities and Attacks (Part 1)
03b   Vulnerabilities and Attacks (Part 2) 
04    Security in the Software Development Process
05    Security Requirements Elicitation 
06    Threat Analysis
07a   Security in Architecture and Design (Part 1)
07b   Security in Architecture and Design (Part 2)
08a   Secure Coding (Part 1) 
08b   Secure Coding (Part 2)
09    Quality Assurance
10, 11, 12 Process Models, Usability, and Conclusions 

You can find all the material at
http://www.iese.fraunhofer.de/lectures/peine/materialcourse/

This was the first iteration of my first self-designed lecture; it is 
certainly not perfect yet (in fact I already have some improvements
sketched for the next iteration, such as reorganizing the process
material), so criticism is welcome. 

I know of few comparable lectures world-wide, i.e. university lectures
covering security specifically from a software engineering viewpoint;
so far, I'm aware of the lectures by Pascal Meunier at Purdue and by
Dieter Gollmann at Hamburg-Harburg; if you know of any others, I'd be
glad to hear about those, too.

Kind regards from Germany,
Holger Peine

  


-- 
Robert C. Seacord
Senior Vulnerability Analyst
CERT/CC 

Work: 412-268-7608
FAX: 412-268-6989


