CNT 4419, Fall 2023
Secure Coding
Announcements
Final grades are posted on Canvas.
Course materials
Useful Links
Please use Canvas to check your grades.
Schedule (filled in as the semester progresses)
| Week | Dates | Topics | Textbook Reading |
|---|---|---|---|
| 1 | 08/21, 08/23 | Introduction; Definitions (policy, mechanism, enforcement) | Chapter 1 |
| 2 | 08/28 | Definitions (property, CIA, safety, liveness) | Optional: Enforceable Security Policies |
| 3 | 09/06 | Definitions (property, CIA, safety, liveness) | Class notes |
| 4 | 09/11, 09/13 | Definitions; (Un)Enforceability; Test I (on 09/13) | Class notes |
| 5 | 09/18, 09/20 | Review; Unenforceability; Threats | Class notes |
| 6 | 09/25, 09/27 | Threats; Tradeoffs; Secure design | Chapters 2-3, Appendix A |
| 7 | 10/02, 10/04 | Secure design; Access control; Buffer overflows | Chapters 5-6 |
| 8 | 10/09, 10/11 | Buffer overflows; Test II on 10/11 | Class notes |
| 9 | 10/16, 10/18 | Review; Buffer overflows | Class notes |
| 10 | 10/23, 10/25 | Buffer overflows; Format-string and integer-overflow attacks | Class notes |
| 11 | 10/30, 11/01 | Networking and communications; Protocols; DoS; Firewalls; IDSs | Class notes |
| 12 | 11/06, 11/08 | Web applications; Client-state manipulation; Test III on 11/08 | Chapter 7 |
| 13 | 11/13, 11/15 | Review; Client-state manipulation; CSRFs; Databases; Information management | Class notes |
| 14 | 11/20, 11/22 | SQL; SQL-injection attacks | Chapter 8 |
| 15 | 11/27, 11/29 | SQL-injection attacks; XSS; Cryptography; Password management | Class notes |
| Final | 12/04 | Final Exam, 3-5pm | All tests and exam are cumulative |