The Department of Computer Science at the University of Illinois at Springfield.

CSC 436 Secure Programming

Instructor: Dr. Sviatoslav Braynov

Catalog Description: The course introduces the secure software development process including designing secure applications, writing secure code that can withstand attacks, and security testing and auditing. It focuses on the security issues a developer faces, common security vulnerabilities and flaws, and security threats. The course explains security principles, strategies, coding techniques, and tools that can help make code more resistant to attacks. Students will write and analyze code that demonstrates specific security development techniques.

Course objectives: Upon completion of this course, students will be able to:

  • Understand the basics of secure programming.
  • Understand the most frequent programming errors leading to software vulnerabilities.
  • Identify and analyze security problems in software.
  • Understand and protect against security threats and software vulnerabilities.
  • Effectively apply their knowledge to the construction of secure software systems.

Textbooks:

  • J. Viega, M. Messier. Secure Programming Cookbook, O'Reilly, 2003.
  • M. Howard, D. LeBlanc. Writing Secure Code, Microsoft, second edition, 2002.
  • J. Viega, G. McGraw. Building Secure Software, Addison Wesley, 2002.

Course Outline:

  • Introduction to software security
  • Managing software security risk
  • Selecting software development technologies
  • Open source and closed source
  • Guiding principles for software security
  • Auditing software
  • Buffer overflows
  • Access control
  • Race conditions
  • Input validation
  • Password authentication
  • Randomness and determinism
  • Anti-tampering
  • Protecting against denial-of-service attacks
  • Copy protection schemes
  • Client-side security
  • Database security
  • Applied cryptography

Method of Instruction: Lectures by the instructor, hands-on laboratories. A final laboratory project will be completed by each student. A UIS Blackboard website will be developed for the course. The site will include PowerPoint slides, URL links to related material, articles, class announcements, a student discussion area, the course syllabus, test dates, labs, projects, answers, reviews, and other information.

Evaluation methods: Tests, projects, and quizzes will be given. Grades will be assigned on a percentage basis for the following areas:

  • programming assignments - 35%
  • quizzes - 15%
  • midterm test - 25%
  • final test - 25%



The Department of Computer Science
University of Illinois at Springfield
One University Plaza
Springfield, IL 62703-5407

Last modified: August 3, 2004
Copyright © 2004 University of Illinois at Springfield