CSC 438/539 Systems and Software Security, Spring 2014

Instructor: Dr. Natarajan Meghanathan

Syllabus

CSC 438 Syllabus

CSC 539 Syllabus

Lecture Slides

Module 1: Cryptography

Module 2: Systems Security

Module 3: Web Security

Module 4: Secure Coding Standards in Java
Code Snippets

Module 5: Testing for Software Security: Case Studies on Source Code Analysis in Java
Code Snippets
Video Demo on using the Source Code Analyzer

Module 6: Software Security Attacks

Module 7: Risk Analysis for Secure Software Design

Module 8: Secure Software Development Lifecycle

Module 9: SQL Injection Attacks and Multi-level Database Security

Module 10: Malware

Regular Project Descriptions

Project 1    Due: February 26, 2014, 7.30 PM
Exploring UNIX Access Control in a Virtual Machine Environment

Project 2    Due: March 26, 2014, 7.30 PM
Simulating the TOCTTOU Vulnerability in a Linux Environment: Java Version, C++ Version

Project 3    Due: April 2, 2014, 7.30 PM
Java Secure Coding Standards
Selecting Test Cases using Equivalence Partitions: Example

Project 4    Due: April 16, 2014, 7.30 PM
Testing for Software Security: Source Code Analysis (Java)
Demo on using the HP Fortify Source Code Analyzer: Video

Term Project Descriptions

Pick one of these two projects (reports/videos should be submitted for only one project)

Choice # 1: Stack Smashing Attack on a C Program

Choice # 2: Use of CAPTCHA (Image Display and Selection Strategy) to Prevent XSRF Attacks
Online Banking Application Archive

Question Bank (Sample Questions)

Sample Questions for Module 1: Cryptography
Solution for Q14

Sample Questions for Module 2: Systems Security

Sample Questions for Module 3: Web Security

Sample Questions for Module 4: Secure Coding Standards (Java)

Sample Questions for Module 5: Source Code Analysis

Sample Questions for Module 6: Software Security Attacks

Sample Questions for Module 7: Risk Analysis for Secure Software Design

Sample Questions for Module 8: Secure Software Development Lifecycle

Sample Questions for Module 9: SQL Injection Attacks and Multi-level Database Security

Sample Questions for Module 10: Malware