Spring 2011: COMP 3701/4701: Topics in Computer Science: Secure Software

Many security problems in software are born when software developers
make poor implementation decisions or unwittingly introduce bugs in
their code. In this course, we will cover many of the classical flaws
in systems that can lead to security problems, including: buffer
overruns, format string problems, overflows, exception issues, race
conditions, etc. We will also cover some webapp-specific topics such
as SQL injection and cross-site scripting (XSS) attacks.

We will use the book "24 Deadly Sins of Software Security: Programming
Flaws and How to Fix Them" by Howard, LeBlanc, and Viega as the basis
for the course and will look at code and example programs implemented
in the major programming languages.

Classes will be a mix of lecture and in-class exercises, and homeworks
will be focused around implementing attacks on flawed code.

The class will meet Monday / Wednesday, 10:00 - 11:50 AM.