This course covers defensive programming techniques, bounds analysis, error handling, advanced testing techniques, detailed code auditing, software specification in a trusted assured environment. Extensive laboratory exercises are assigned.Topics: buffer overflows, web SOP, XSS, web worms, e-commerce security, and more.
6-8 pm Tuesday and Thursday
Ricardo A. Calix, Ph.D.
Purdue University Northwest
rcalix@pnw.edu
241 Anderson
Example problems will be provided as required.
Software we will use:
Mon | Tue | Wed | Thu | Fri |
---|---|---|---|---|
Aug 24 |
Aug 25 Intro to Software Assurance |
Aug 26 |
Aug 27 SETUID Lab |
Aug 28 |
Aug 31 |
Sep 1 Format string vulnerability |
Sep 2 |
Sep 3 |
Sep 4 |
Sep 7 |
Sep 8 Code injection with format string |
Sep 9 |
Sep 10 Buffer Overflow |
Sep 11 |
Sep 14 |
Sep 15 Buffer Overflow |
Sep 16 |
Sep 17 Buffer Overflow |
Sep 18 |
Sep 21 |
Sep 22 Buffer overflow and project |
Sep 23 |
Sep 24 Review and buffer overflow lab |
Sep 25 |
Sep 28 |
Sep 29 Exam1 |
Sep 30 |
Oct 1 Project intro |
Oct 2 |
Oct 5 |
Oct 6 Web SOP |
Oct 7 |
Oct 8 Buffer overflow 2 - practical |
Oct 9 |
Oct 12 |
Oct 13 |
Oct 14 |
Oct 15 SQL Injection |
Oct 16 |
Oct 19 |
Oct 20 SQL Injection |
Oct 21 |
Oct 22 Project demos |
Oct 23 |
Oct 26 |
Oct 27 Integer Security |
Oct 28 |
Oct 29 SQL Injection Lab |
Oct 30 |
Nov 2 |
Nov 3 Cross Site Scripting |
Nov 4 |
Nov 5 Cross Site Scripting |
Nov 6 |
Nov 9 |
Nov 10 Exam 2 |
Nov 11 |
Nov 12 |
Nov 13 |
Nov 16 |
Nov 17 Cross Site Request Forgery |
Nov 18 |
Nov 19 |
Nov 20 |
Nov 23 |
Nov 24 Race condition vulnerability and Shellshock |
Nov 25 | Nov 26 |
Nov 27 |
Nov 30 |
Dec 1 Work on project |
Dec 2 |
Dec 3 Work on project |
Dec 4 |
Dec 7 |
Dec 8 Presentations |
Dec 9 |
Dec 10 Presentations |
Dec 11 |
Dec 14 Finals |
Dec 15 Finals |
Dec 16 Finals |
Dec 17 Finals |
Dec 18 Finals |