CNT 4419, Fall 2022
Secure Coding
Announcements
Final grades are posted on Canvas.
Course materials
Useful Links
Please use Canvas to check your grades.
Schedule (filled in as the semester progresses)
| Week | Dates | Topics | Textbook Reading |
|---|---|---|---|
| 1 | 08/22, 08/24 | Introduction; Definitions (policy, mechanism, enforcement) | Chapter 1 |
| 2 | 08/29, 08/31 | Definitions (property, CIA, safety); Test I (on 08/31) | Optional: Enforceable Security Policies |
| 3 | 09/07 | Review; Liveness | Class notes |
| 4 | 09/12, 09/14 | (Un)Enforceability; Test II (on 09/14) | Class notes |
| 5 | 09/19, 09/21 | Review; Threats | Chapters 2-3, Appendix A |
| 6 | 09/26, 09/28 | (hurricane) | |
| 7 | 10/03, 10/05 | Threats; Tradeoffs; Secure design; Test III (on 10/05) | Class notes |
| 8 | 10/10, 10/12 | Review; Access control; Intro to buffer overflows | Class notes |
| 9 | 10/17, 10/19 | Buffer overflows; Test IV (on 10/19) | Chapters 5-6 |
| 10 | 10/24, 10/26 | Format-string and integer-overflow attacks; Networking and communications | Class notes |
| 11 | 10/31, 11/02 | Protocols; DoS; Firewalls; IDSs; Web applications; Test V (on 11/02) | Class notes |
| 12 | 11/07, 11/09 | Client-state manipulation; CSRFs; Databases; Information management | Chapter 7 |
| 13 | 11/14, 11/16 | SQL; SQL-injection attacks; Test VI (on 11/16) | Chapter 8 |
| 14 | 11/21 | Review; SQL-injection attacks; XSS | Class notes |
| 15 | 11/28, 11/30 | XSS; Cryptography; Password management | Class notes |
| Final | 12/05 | Final Exam, 3-5pm | All tests and exam are cumulative |