CNT 4419, Spring 2025
Secure Coding
Announcements
Assignment IV is due on Sunday May 4 at 11:59pm. The final exam is on Wednesday, May 7 at 12:30-2:30pm.
Course materials
Useful Links
Please use Canvas to check your grades.
Schedule (filled in as the semester progresses)
| Week | Dates | Topics | Textbook Reading |
|---|---|---|---|
| 1 | 1/13, 1/15 | Introduction; Definitions (policy, mechanism, enforcement) | Chapter 1 |
| 2 | 01/22 | Definitions (property, CIA, safety, liveness) | Optional: Enforceable Security Policies |
| 3 | 1/27, 1/29 | Definitions (property, CIA, safety, liveness) | Class notes |
| 4 | 2/03, 2/05 | Definitions (property, CIA, safety, liveness); (Un)Enforceability | Class notes |
| 5 | 2/10, 2/12 | Review; (Un)Enforceability; Threats | Chapter 2 |
| 6 | 2/17, 2/19 | Threats; Tradeoffs | Class notes |
| 7 | 2/24, 2/26 | Secure design; Access control | Chapter 3, Appendix A |
| 8 | 3/03, 3/05 | Access control; Buffer overflows | Chapters 5-6 |
| 9 | 3/10, 3/12 | Buffer overflows | Class notes |
| 10 | 3/24, 3/26 | Format-string and integer-overflow attacks | Class notes |
| 11 | 3/31, 4/02 | Other memory-corruption vulnerabilities; Networking and communications | Class notes |
| 12 | 4/07, 4/09 | Protocols; DoS; Firewalls; IDSs | Class notes |
| 13 | 4/14, 4/16 | Web applications; Client-state manipulation; CSRFs | Chapter 7 |
| 14 | 4/21, 4/23 | Databases; Information management; SQL; Injection attacks | Chapter 8 |
| 15 | 4/28, 4/30 | SQL-injection attacks; XSS; Cryptography; Password management | Class notes |
| Final | 5/07 | Final Exam, 12:30-2:30pm | All quizzes and exam are cumulative |