Time and Location: 10-10:50am, SL407

Description: An introduction to the pitfalls and practices of building secure software applications. Topics include secure software development, defensive programming, web security, threat-modeling and human-computer interaction issues that affect security. The course focuses on the application level with minor attention to operating-system level security; network-level security will not be covered. Assignments will involve uncovering security holes in software, implementing secure applications, and presenting on a case study or security technology. The course is intended for upper-level Computer Science majors who expect to be writing applications with a security component. All students will be required to sign a pledge of responsible conduct at the start of the course.

Recommended Background: CS3733 and CS3013 or their equivalents are essential. The course assumes nontrivial experience with C and Unix, familiarity with operating systems and filesystems, and experience with web technologies used to create interactive applications (either through Webware or personal experience). Basic understanding of client-server architectures would be helpful.

Comic from xkcd