Class Schedule

Each week lists, where the original table had an entry: Lecture Topics, Activity, Vulnerability of the Day, Due or Released, and Reading.

Week 1 (Aug 28–Sep 1)
  Lecture Topics: Course Overview, What is Secure?
  Vulnerability of the Day: Integer overflow

Sep 4: No Class (Labor Day)

Week 2 (Sep 6, 8)
  Lecture Topics: Requirements: misuse and abuse cases, security requirements
  Activity: Abuse and misuse cases; web applications
  Vulnerability of the Day: SQL injection, XSS
  Reading: McGraw ch. 8

Week 3 (Sep 11–15)
  Lecture Topics: Planning: risk assessment, test planning
  Activity: 12-minute test plans
  Vulnerability of the Day: Buffer overflow, Cross-site request forgery

Week 4 (Sep 18–22)
  Lecture Topics: Design: threat modeling, distrustful decomposition
  Activity: Threat modeling (e.g. Feedly.tm4)
  Vulnerability of the Day: OS command injection
  Due or Released: Fuzzer project released
  Reading: McGraw ch. 2, 7

Week 5 (Sep 25–29)
  Lecture Topics: Implementation: defensive coding practices
  Vulnerability of the Day: Log overflow, Path traversal
  Due or Released: Fuzzer round 0 (log in to DVWA), due Wednesday by class

Week 6 (Oct 2–6)
  Lecture Topics: Catch up
  Activity: Exam 1 (last class meeting of the week); Study Guide
  Due or Released:
    • Fuzzer round 1 (discover command), due Friday at 11:59 PM
    • Exam 1 take-home portion (see myCourses)
  Reading: McGraw ch. 5

Oct 9: No Class (October Break)

Week 7 (Oct 11, 13)
  Lecture Topics: File system permissions, Code inspections
  Activity: Go over exam; File permission activity; Code inspection activity
  Vulnerability of the Day: Hardcoded credentials, Embedded DTDs

Week 8 (Oct 16–20)
  Lecture Topics: Work on History Project
  Vulnerability of the Day: Log neutralization, Open redirect
  Due or Released:
    • Fuzzer round 2 (test command), due Monday by class
    • History project released

Week 9 (Oct 23–27)
  Lecture Topics: Cryptography: authentication, public-key, symmetric key
  Activity: SSH activity
  Vulnerability of the Day: Hashing without salt
  Due or Released: History Round 1 (Research), due Wednesday by class
  Reading: McGraw ch. 4; Salting

Week 10 (Oct 30–Nov 3)
  Lecture Topics: Cryptography: SSH, SSL, PGP, side-channel attacks
  Vulnerability of the Day: Poor PRNG seed protection, Insecure PRNG algorithms
  Due or Released:
    • History Round 2 (Review), due Monday by class
    • History Round 2 (Reaction to Reviews), due Friday by class
    • Case study proposal, due Friday by class

Week 11 (Nov 6–10)
  Lecture Topics: Deployment & Distribution: patching, security managers
  Activity: Java security manager
  Vulnerability of the Day: Java reflection abuse
  Due or Released:
    • Domain and history analysis, due Saturday 11:45 pm
    • VIDEO: How to find vulnerability fixes and introductions with git
  Reading: McGraw ch. 6

Week 12 (Nov 13–17)
  Lecture Topics: Vulnerability Assessment: CVSS, CWSS
  Activity: Assessment activity
  Vulnerability of the Day: Cache poisoning, Time-of-check/time-of-use (TOCTOU)
  Due or Released: Peer Review of Ch 1, due Friday 11:45 pm
  Reading: McGraw ch. 12

Week 13 (Nov 20)
  Activity: Exam 2 (first weekly meeting); Study Guide
  Vulnerability of the Day: Compression bombs (after exam)

Nov 22, 24: No Class (Thanksgiving)

Week 14 (Nov 27–Dec 1)
  Lecture Topics: Team Design, Usable Security
  Activity: Go over exam; Usability activity; CERT activity
  Vulnerability of the Day: Uncontrolled format string
  Due or Released:
    • Design analysis, due Tuesday 11:45 pm
    • Peer Review of Ch 2, due Saturday 11:45 pm
  Reading: McGraw ch. 9

Week 15 (Dec 4–8)
  Lecture Topics: Case Study Lightning Talks
  Due or Released: Final draft, due Wednesday 11:45 pm

Week 16 (Dec 11)
  Lecture Topics: Case Study Lightning Talks

Final Exam: Dec 13, 12:30–2:30 pm, GOL-1520