CNT 4419, Fall 2020
Secure Coding

Announcements

Final grades are posted on Canvas.

Course materials

Syllabus

Schedule (filled in as the semester progresses)

| Week | Dates | Topics | Reading |
|------|-------|--------|---------|
| 1 | 08/24, 08/26 | Introduction, Definitions, Access control, CIA | Textbook Chapter 1 |
| 2 | 08/31, 09/02 (daily quizzes begin) | Policies, Properties, Mechanisms, Enforcement | Enforceable Security Policies |
| 3 | 09/09 | Safety, Liveness | Enforceable Security Policies |
| 4 | 09/14, 09/16 | Safety, Liveness, (Un)Enforceability | §1-4, 8 of MRAs |
| 5 | 09/21, 09/23 | Security quantification, Threats, Tradeoffs | (1) A Theory of Gray Security Policies; (2) Textbook Chapter 2 |
| 6 | 09/28, 09/30 | Secure design | Textbook Chapters 2-3 |
| 7 | 10/05, 10/07 | Buffer overflows; Type safety | (1a) Textbook Chapters 5-6; (1b) 2020 CWE Top 25 Most Dangerous Software Weaknesses; (2) StackGuard |
| 8 | 10/12, 10/14 | Buffer-overflow, format-string, and integer-overflow attacks | (1) §1-5 of CFI; (2) Textbook Chapter 6 |
| 9 | 10/19, 10/21 | Networking and communications; Protocols; DoS | (1) Internet Protocol Suite; (2a) Handshaking; (2b) OSI Model |
| 10 | 10/26, 10/28 | Firewalls; IDSs; Web applications | Textbook Chapter 7 |
| 11 | 11/02, 11/04 | Client-state manipulation; CSRF | Textbook Chapter 7 |
| 12 | 11/09 | OWASP Top 10; Databases; Information management; SQL | (1) OWASP Top 10; (2) SQL Tutorial |
| 13 | 11/16, 11/18 | SQL injection attacks | (1) Textbook Chapter 8; (2) Defining Injection Attacks |
| 14 | 11/23 | SQL injection attacks; XSS | SQL-IDIAs |
| 15 | 11/30, 12/02 | Cryptography | Class notes |