CNT 4419, Spring 2025
Secure Coding
Announcements
Final grades are posted in Canvas.
Course materials
Useful Links
Please use Canvas to check your grades.
Schedule (filled in as the semester progresses)
| Week | Dates | Topics | Textbook Reading |
|---|---|---|---|
| 1 | 1/13, 1/15 | Introduction; Definitions (policy, mechanism, enforcement) | Chapter 1 |
| 2 | 01/22 | Definitions (property, CIA, safety, liveness) | Optional: Enforceable Security Policies |
| 3 | 1/27, 1/29 | Definitions (property, CIA, safety, liveness) | Class notes |
| 4 | 2/03, 2/05 | Definitions (property, CIA, safety, liveness); (Un)Enforceability | Class notes |
| 5 | 2/10, 2/12 | Review; (Un)Enforceability; Threats | Chapter 2 |
| 6 | 2/17, 2/19 | Threats; Tradeoffs | Class notes |
| 7 | 2/24, 2/26 | Secure design; Access control | Chapter 3, Appendix A |
| 8 | 3/03, 3/05 | Access control; Buffer overflows | Chapters 5-6 |
| 9 | 3/10, 3/12 | Buffer overflows | Class notes |
| 10 | 3/24, 3/26 | Format-string and integer-overflow attacks | Class notes |
| 11 | 3/31, 4/02 | Other memory-corruption vulnerabilities; Networking and communications | Class notes |
| 12 | 4/07, 4/09 | Protocols; DoS; Firewalls; IDSs | Class notes |
| 13 | 4/14, 4/16 | Web applications; Client-state manipulation; CSRFs | Chapter 7 |
| 14 | 4/21, 4/23 | Databases; Information management; SQL; Injection attacks | Chapter 8 |
| 15 | 4/28, 4/30 | SQL-injection attacks; XSS; Cryptography; Password management | Class notes |
| Final | 5/07 | Final Exam, 12:30-2:30pm | All quizzes and exam are cumulative |