Secure Programming 2011/2012

Facebook group for this module

Continuous assessment marks

The first class test counts for 40% of the continuous assessment mark and the second class test counts for 50%. The Peerwise marks (basic and bonus) count for 10% each. The continuous assessment mark is capped at 100%.

Marks for continuous assessment

Marks for the second class test It counts for 50% of the continuous assessment mark.

Marks for the first class test It counts for 40% of the continuous assessment mark.

Schedule of lectures

9.1. Intro to module and peerwise
12.1. Saltzer and Schroeder security principles
16.1. Intro to command injection
19.1. SQLCIA variants
23.1. command injection defences: why parametrized statements
26.1. command injection and trees; XML injection
30.1. DoS attacks and reg exp matching
2.2. Regular expressions and reg exp DoS
6.2. Class test 1
9.2. buffer overflow intro: C vs memory-safe languages
13.2. structure of the call stack
16.2. smashing the stack: canaries
20.2 format string attacks.
23.2. heap buffer overflow; memory manager and arbitrary pointer assignment
27.2. arbitrary code excution
1.3. non-executable stack (W^X) versus return-oriented programming
5.3. resources, control flow, and TOCTOU
8.3. static analysis for security
12.3. Class test 2
15.3. Java security and stack inspection

Peerwise

Please sign up for this module on Peerwise immediately; it only takes a few minutes.

10% of the continuous assessment mark will be given for participation in Peerwise. See the instructions for students on that page.

To gain points, you must write at least one multiple-choice question on a topic covered in the module, and answer at least three other questions.

Another 10% of the mark may be given as discretionary bonus points. The bonus marks may be awarded for active participation (e.g. leaderboard status), but in particular for writing insightful questions.

The more questions you create, answer, comment on, etc, the more you will learn and the more you will help other students on the module. If a fair number of students contribute good questions, there will be plenty of revision material for everyone before the exams. You may also enjoy winning badges and trying to get on the leaderboard.

You need to register on the Peerwise server.

Required and further reading

This course will mostly rely on some links for required and further reading available on the Web rather than books.

I have tried to read and evaluate textbooks relevant for this module, and have made list of the most relevant books on secure programming.

Course overview

Pre- and corequisites of this course

As this is an advanced MSc course, it assumes some Computer Science background. The Computer Security module is relevant, but not a strict prerequisite.