CNT 4419, Spring 2026
Secure Coding
Announcements
Assignments 3 and 4 are due on 5/3. The final exam will be on 5/6 at 12:30-2:30pm.
Course materials
Useful Links
Please use Canvas to check your grades.
Schedule (filled in as the semester progresses)
| Week | Dates | Topics | Textbook Reading |
|---|---|---|---|
| 1 | 1/12, 1/14 | Introduction; Definitions (policy, mechanism, enforcement) | Chapter 1 |
| 2 | 1/21 | Definitions (trace, program, policy, property) | Optional: Enforceable Security Policies |
| 3 | 1/26, 1/28 | Definitions (property, CIA, safety, liveness) | Class notes |
| 4 | 2/02, 2/04 | Definitions (safety, liveness, unenforceability); Threats | Class notes |
| 5 | 2/09, 2/11 | Threats; Tradeoffs; Test 1 on 2/11 | Chapter 2 |
| 6 | 2/16, 2/18 | Review; Secure design | Chapter 3, Appendix A |
| 7 | 2/23, 2/25 | Secure design; Access control; Buffer overflows | Chapter 5 |
| 8 | 3/02, 3/04 | Buffer overflows | Chapter 6 |
| 9 | 3/09, 3/11 | Buffer overflows; Test 2 on 3/11 | Class notes |
| 10 | 3/23, 3/25 | Format-string and integer-overflow attacks | Class notes |
| 11 | 3/30, 4/01 | Other memory-corruption vulnerabilities; Networking and communications; Protocols; DoS | Class notes |
| 12 | 4/06, 4/08 | DoS; Firewalls; IDSs; Web applications; Client-state manipulation | Chapter 7 |
| 13 | 4/13, 4/15 | CSRFs; Databases; Information management; SQL; Test 3 on 4/15 | Class notes |
| 14 | 4/20, 4/22 | SQL; Injection attacks | Chapter 8 |
| 15 | 4/27, 4/29 | SQL-injection attacks; XSS; Cryptography | Class notes |
| Final | 5/06 | Final Exam, 12:30-2:30pm | All tests, quizzes, and exam are cumulative |