CEN 5079 Secure Application Programming

	Professor: Nagarajan Prabakar (naa-ga-raa-jan pra-baa-kar)
	Phone: 305-348-2033
	E-mail: prabakar@cis.fiu.edu
	Office: CASE-382
	Office Hours: CASE-382 (Aug 26 - Dec 10) Tue/Thu: 4:00-4:45pm,6:30-7:30pm, 9:15-10:00pm or by appointment

Catalog Description: Development of applications that are free from common security vulnerabilities, such as buffer overflow, SQL injection, and cross-site scripting attacks. Emphasis is on the development of distributed web applications.

Prerequisite: SCIS Graduate Standing

Textbook: Security In Computing, 5th Edition
Pfleeger and Pfleeger
Prentice Hall (ISBN: 0-13-408504-3)
and research papers assigned for reading.

Detailed Syllabus (pdf file)

Topics:

Software security fundamentals: basic science, bugs, software security and operations
Survey and case study of coding errors: input validation (cross-site scripting, buffer
overflow, SQL injection), API abuse, race condition, error handling, encapsulation,
environment
Risk management: business context, business and technical risks, ranking risks, fixes
and validation
Architecture risk analysis
Static analysis tools to find implementation bugs
Software penetration testing
Risk-based security testing
Abuse cases: anti-requirements, abuse attack model
Enterprise software security: business climate, metrics, secure development lifecycle
Security knowledge management: expertise, security knowledge, the Department of
Homeland Security Build Security In Portal

Grading:

10% class participation

30% assignments (Labs)

30% midterm exam (Oct 15th)

30% final exam (Dec 10th)

I will use the following relative grading scheme.

Other Issues:

I expect you to maintain a high level of academic integrity in this course.
Please read FIU's Code of Academic Integrity.
You are allowed to consult other books in solving assignment problems, or to discuss the problems with other students, but you must do the assignments on your own.

For each assignmnet, you must upload the soft copy of the assignment through Canvas before the deadline and submit a printed copy of the assignment along with the signed originality declaration, in class on the due date.

I will grant incompletes only in extreme circumstances, such as medical emergencies with proper documentation.

I expect you to attend class regularly and promptly, and to participate in discussions. Feel free to ask questions -- if something is unclear to you, it is probably unclear to others as well.

System: Graduate Lab (CASE-252)

PC workstations

For additional course information, please visit FIU LMS Support

Discussion Forums

Keep in mind that your discussion forum postings will likely be seen by other members of the course. Care should be taken when determining what to post.

Important Information

Before starting this course, please review the following pages: