COMP-4384 Details
COMP 4384 Secure Software Engineering
Course Description
Secure software engineering provides students with the background of software security, why security matters, and how they can take security into account when writing new software programs.
Course Learning Objectives
By completing this course, students will be familiar with the following specific topics:
- Common vulnerabilities in software
- Security by design, domain driven software security, defense in depth
- Using domain models
- Creating models in domain driven design for security
- Programming practices that promote security (immutability, non-blocking processes, etc.)
- Contracts, context, validation of states and user input
- The builder pattern for state verification
- Software testing for security (unit testing, valid/invalid inputs, fuzzing)
Course Outcomes
Upon successful completion of this course, students will have learned:
- What kind of vulnerabilities are common in software, and how can they be prevented. A theoretical understanding of those vulnerabilities will be gained as well as hands-on experience with one or more instances of those vulnerabilities.
- How to assess whether software contains particular vulnerabilities and the methods used to do so (e.g., dynamic and static analysis, fuzzing).
- The ability to converse about software and software vulnerabilities including common terms and definitions.