We meet in FL 320 on Monday, Tuesday, Thursday, and Friday, 2 -- 2:50 pm.
An introduction to pitfalls and sound practices for building secure software applications. Topics include web security, secure software development, defensive programming, threat-modeling and human-computer interaction issues that affect security. The course focuses on the application level, with little attention to operating-system level security or to network-level security. Assignments will involve uncovering security holes in software, implementing secure applications, and presenting a case study on security technology. The course is intended for upper-level Computer Science majors who expect to be writing applications with a security component. All students will be required to sign a pledge of responsible conduct at the start of the course.
CS3733 and CS3013 or their equivalents are essential. The course assumes nontrivial experience with C and Unix; familiarity with operating systems and filesystems; and a basic understanding of client-server architectures.
You can reach the course staff as follows:
Generally speaking, email works very well for communication. I try to respond very quickly to course-related email, especially when you mention [cs4401] in the subject line. When you email me or the -staff list, please take a moment to think what information we'll need to give you a useful reply. Messages that are fairly short but have the right details get the fastest and best replies.
You can find me in my office, FL 137, at these times at least:
You can email me mailto:firstname.lastname@example.org (mentioning [cs4401] in the subject line) to set up meetings at other times also. The SA office hours in FL A22 are:
|Randall Crock:||Wednesday, 6 pm||Friday, 11 am|
|Ryan Price:||Wednesday, noon||Thursday, noon|
We will focus on five main topics, probably treating the last only very briefly:
Thanks very much to Professor Fisler, for allowing me to borrow liberally from her editions of this course.
We will not use a textbook for this class. You may want to read parts of Ross Anderson's Security Engineering book (published by Wiley). The current edition is the second; the first edition is available freely on line at http://www.cl.cam.ac.uk/~rja14/book.html. Also convenient for web security is Dafydd Studdard and Marcus Pinto's Web Application Hacker's Handbook; see http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470170778.html.
Our first readings and class-by-class topics are at initial_readings.html.
Assignments are at URL assigns.html.
If you need course adaptations or accommodations because of a disability, or if you have medical information to share with me, please make an appointment with me as soon as possible. Students with disabilities who believe that they may need accommodations in this class are encouraged to contact the Office of Disability Services (ODS) so that accommodations can be made promptly.
ODS is in the West St. House at 157 West St. Their phone is 508 831 4908.
This document was translated from LATEX by HEVEA.