Class Schedule

| Date | Week | Lecture Topics | Activity | Vulnerability of the Day | Due or Released | Reading |
|---|---|---|---|---|---|---|
| Jan 17, 19 | 1 | Course Overview, What is Secure? | | Integer overflow | | CWE-190 |
| Jan 22-26 | 2 | Requirements: misuse & abuse cases, security requirements. | Abuse & Misuse cases; Web applications | SQL injection, XSS | | McGraw ch. 8, CWE-79, CWE-89 |
| Jan 29 - Feb 2 | 3 | Planning: risk assessment, test planning | 12-minute test plans | Buffer Overflow, Cross-site request forgery | Fuzzer project released | CWE-352, CSRF description, CWE-120 |
| Feb 5 - 9 | 4 | Design: threat modeling, distrustful decomposition | Threat modeling (e.g. Feedly.tm4) | OS command injection | | McGraw ch. 2,7, CWE-78 |
| Feb 12 - 16 | 5 | Implementation: defensive coding practices | | Log overflow, Path traversal | Fuzzer round 0: Log in to DVWA. Due Monday by class | |
| Feb 19 - 23 | 6 | Exam 1 Wed Feb 21; Study Guide | | | Fuzzer round 1: discover command. Due Monday by class. Exam 1 Takehome portion (see myCourses). | McGraw ch. 5 |
| Feb 26 - Mar 2 | 7 | File system permissions, Code inspections | Go over exam; File permission activity; Code inspection activity | Hardcoded credentials, Embedded DTDs | Fuzzer round 2: test command. Due Monday by class. | |

Final Exam:
Section 1: May 2, 8:00am - 10am (GOL-1650)
Section 2: May 4, 10:15am - 12:15pm (GOL-1550)