This course provides an introduction to the pitfalls and practices of building secure software applications. Topics will include threat modeling, secure software development, defensive programming, web security, and the interaction between security and usability. The course focuses on the application level with minor attention to operating-system level security; network-level security is not covered. Assignments involve designing and implementing secure software, evaluating designs and systems for security-related flaws, and presentations on security issues or tools. All students will be required to sign a pledge of responsible conduct at the start of the course.
CS3013 and CS3733. The course assumes nontrivial experience with C and Unix, familiarity with operating systems, filesystems, and databases, and experience with technologies for building web applications (from CS4241 or personal experience).