CYB 4920. Secure Software Development and Testing (3 credits)

This course will explore the foundations of secure software engineering- constructing software systems that are resilient to vulnerabilities and attacks.  Covers three areas; software coding, secure software analysis & design, software security testing. Students will be exposed to the attack patterns and known code vulnerabilities including, buffer overflow, stack/heap overflow, return-into-libc, integer overflow, uncontrolled format String, race conditions and etc. Students will learn the development of best secure coding practices and mitigation approaches through case studies and programming assignments. Security Lifecycle Approaches such as SDL, SDL-Agile, TouchPoint, Common Criteria, SQUARE, and CLASP will be introduced. Students will also learn about Abuse/Misuse cases, Security Requirements, Thread Modelling, Architecture Risk Analysis, Secure Designing, Sandboxing, Code Obfuscation, Code Review, Static Testing, Fuzz Testing, and Penetration Testing. PREREQ: CSC 2920, CSC 3020