CS 4401 (A12): Software Security Engineering
Class and Reading Schedule



Texts

Given the wealth of information online about security, we will not have a textbook for this class. Our readings will come from a combination of papers, blogs, tutorials, and other online sources.

That said, there are some excellent reference books out there. I particularly like Ross Anderson's Security Engineering (first edition available online). For web security, check out Dafydd Stuttard and Marcus Pinto's Web Application Hacker's Handbook. OWASP's WebGoat project offers self-guided lessons on web application security. In general, OWASP has a host of useful summaries on attacking, finding, and preventing web application vulnerabilities.


Class Schedule

Highlighted readings should be done before class. Other readings provide additional information that might help with assignments or for those interested in the topic.

Aug 23: Course Overview

Readings:

Aug 24: SQL Injection

Readings:

Aug 27: Cross-Site Scripting

Readings:

Handouts:

Aug 28: Request Forgery

Readings:

Handouts:

Aug 30: Clickjacking

Readings:

Aug 31: "Think Like a Thief" Day

Readings:

Handouts:

Sept 3: Labor Day Holiday (No Class)

Sept 4: Threat Modelling

Readings:

Handouts:

Sept 6-10: Cryptography

Readings:

Sept 11-13: Session Management

Readings:

Sept 13-14: Authentication and Identity

Readings:

Sept 14: Passwords

Readings: [Starred readings cover class material; the others are for interest/edification]

Contributions from the Class:

Sept 17: Attacking C Code

Readings:

Sept 18: Robust C Programming

Readings:

Sept 20: Access Control

Readings:

Handouts:

Sept 21: Capabilities

Readings:

Handouts:

Sept 24-25: Usability

Readings:

Sept 27: Social Engineering

Readings:

October 1: Network Security (Guest Lecture, Phil Deneault, WPI Chief Information Security Officer)

October 2: Security in the Cloud

Readings:

October 4: Mobile Phone Application Security

Readings:

October 5: Security Models

Readings: