Instructor: Professor Kathi Fisler

Time and Location: 2-2:50pm, FL320

Description: An introduction to the pitfalls and practices of building secure software applications. Topics include security architectures, access-controls and authentication, defensive programming, web security, threat-modeling, and human-computer interaction issues that affect security. The course focuses on the application level with only minor attention to operating-system level security; network-level security will not be covered. Assignments will involve uncovering security holes in software, implementing secure applications, and presenting on a case study or security technology. The course is intended for upper-level Computer Science majors who expect to be writing applications with a security component. All students will be required to sign a pledge of responsible conduct at the start of the course.

Expected Background: CS3733 and CS3013 or their equivalents are essential. The course assumes nontrivial experience with C and Unix, familiarity with operating systems and filesystems, and experience with web technologies used to create interactive applications (either through Webware or personal experience). Basic understanding of client-server architectures is helpful.

Comic from xkcd