Tentative Lecture Schedule

 

The tentative lecture flow is shown in the table. The course schedule is expected to change.

 

Lecture/Date

Topics

Slides

Week 1: Jan 9

Class Cancelled (Out of Town)

 

Week 2: Jan 16

 

Introduction

Secure Software Development Models/Methods

(Lecture 1)

(Source Related Reading Materials)

Week 3: Jan 23

 

Secure Software Development Models/Methods

(Discuss the projects)

(Continued from last lecture)

Week 4: Jan 30

 

 

Building Security In

(Source: "Software Security" by Gary McGraw - available through Safari for Pitt students)

(Presentation of initial Project idea)

(Lecture 2)

Week 5: Feb 6

(continue Lecture 2) +

Buffer overflow: Strings/Integer/Pointers

(Source:  "Secure Coding in C/C++" by Robert Seacord: Chap 2)

[Finished till Arc Injection]

(Lecture 3)

Week 6: Feb 13

File I/O and Race conditions

(Source:  "Secure Coding in C/C++" by Robert Seacord: Chap 7)

(Lecture 4)

Week 7: Feb 20

Dynamic Memory Management

(Source:  "Secure Coding in C/C++" by Robert Seacord: Chap 4)

(Half a day - University closed because of snow)

(Lecture 5)

Week 8: Feb 27

(Continue Lecture 4-5)

 

Week 9: Mar 6

Spring Break

 

Week 10: Mar 13

 

(Continue Lecture 5)

(Finished Lecture 5 - finally)

(Lecture 6)

Week 11: Mar 20

Integer Security (Lecture 6)

Pointer Subterfuge

(Source:  "Secure Coding in C/C++" by Robert Seacord: Chap 4, 5)

(Lecture 7)

Week 12: Mar 27

Lecture 7 (to be read by students) + Discussion on Project

 

Week 13: Apr 3

Update/Discussion on the Class Project  (Shortened the class)

 

Extra Class: Apr 5

Presentations

Michael, Thaier

Craig, Nathan

Week 14: Apr 10

Presentations (Continued)

Project Discussion

Chirayu

Week 15: Apr 17

Java Security

(From "Enterprise Java Security .." by Pistoia et al.)

(Lecture 8)

Week 16: Apr 24

Java Security + Web Services Security

Formal Verification

 

(The two semester-wide projects will be evaluated)

(Lecture 9)

(Lecture 10)

 

Readings

Paper1; Paper2; Paper3