CIS 4930, Fall 2018
Secure Coding
Announcements
Final grades are posted in Canvas.
Course materials
Grades
Please use Canvas to check your grades.
Schedule (filled in as the semester progresses)
| Week | Dates | Topics | Textbook Reading |
|---|---|---|---|
| 1 | 08/20, 08/22 | Introduction; Definitions (policy, mechanism, enforcement, property) | 1.1-1.9 |
| 2 | 08/27, 08/29 | Definitions (safety, liveness, CIA); Unenforceability; Test I | Class notes |
| 3 | 09/05 | Review | Class notes |
| 4 | 09/10, 09/12 | Threats; Test II | 2.1-2.9 |
| 5 | 09/17, 09/19 | Tradeoffs; Secure Design; Access Control; Authentication; Authorization | 3.1-3.9, Appendix A |
| 6 | 09/24, 09/26 | Segmentation; Buffer overflows; Test III | 5.1-5.3, 6.1-6.5 |
| 7 | 10/01, 10/03 | StackGuard; ASLR; CFI; Type safety; Format string attacks | 6.6 |
| 8 | 10/08, 10/10 | Format string attacks; Integer overflow attacks; Test IV | Class notes |
| 9 | 10/15, 10/17 | Networking and communications; TCP/IP and OSI layered architectures; Protocols; DoS | Class notes |
| 10 | 10/22, 10/24 | Firewalls; IDSs; Web applications; Client-state manipulation; Test V | 7.1-7.4 |
| 11 | 10/29, 10/31 | OWASP Top 10; Databases; Information management; SQL queries | Class notes |
| 12 | 11/05, 11/07 | SQL injection attacks; Test VI | 8.1-8.2 |
| 13 | 11/14 | Code injections; XSS | Class notes |
| 14 | 11/19 | XSS; Symmetric cryptography; Ciphers | Class notes |
| 15 | 11/26, 11/28 | Test VII (on 11/26); Asymmetric cryptography; Diffie-Hellman; RSA; Signatures; MACs; Password management | 9.1-9.6 |
| Final | 12/03 | Final Exam, 3-5pm | All tests are cumulative |