CSIS 473 Secure Software


Course Description

Many security problems in software occur when software developers make poor implementation decisions or unwittingly introduce bugs into their code. This course will focus on many of the classic flaws in systems that can lead to security problems including: buffer overflows, format string problems, race conditions, memory leaks, etc. It will also cover many web-application specific topics such as SQL injection attacks and cross-site scripting (XSS) attacks.


Instructor

Dr. B. Wilson (bwilson at georgefox dot edu)
Office hours: Wood-Mar 216 (see schedule)


Texts


Resources


Objectives

The goal of this course is to provide the student with the theoretical knowledge of how vulnerabilities arise in software. You will also see each vulnerability in action and discuss prevention techniques in software development.


Course Organization

Attendance and participation are critical in this course.

The course will include regular homework and/or programming assignments. Unless otherwise specified, assignments are due before midnight on the due date. There will be no credit given for late assignments (without an excused absence)—turn in as much as you can.

Reading assignments should be completed before the lecture covering the material. Not all reading material will be covered in the lectures, but you will be responsible for the material on homework and exams. Quizzes over the assigned reading may be given at any time.


Collaboration

See the GFU CS/IS/Cyber policies for collaboration and discussion of collaboration and academic integrity. Most students would be surprised at how easy it is to detect collaboration in programming—please do not test us! Remember: you always have willing and legal collaborators in the faculty.

Almost all of life is filled with collaboration (i.e., people working together). Yet in our academic system, we artificially limit collaboration. These limits are designed to force you to learn fundamental principles and build specific skills. It is very artificial, and you'll find that collaboration is a valuable skill in the working world. While some of you may be tempted to collaborate too much, others will collaborate too little. When appropriate, it's a good idea to make use of others—the purpose here is to learn. Be sure to make the most of this opportunity but do it earnestly and with integrity.


Engineering Your Soul

The mission and vision statement of the Computer Science & Information Systems (CSIS) program states that our students are distinctive by "bringing a Christ-centered worldview to our increasingly technological world."

As one step towards the fulfillment of this objective, each semester, the engineering faculty will collectively identify an influential Christian writing to be read and reflected upon by all engineering faculty and students throughout the term. As part of the College of Engineering, CSIS students participate in this effort, known as Engineering Your Soul (EYS). This exercise will be treated as an official component of every engineering course (including CSIS courses) and will be uniquely integrated and assessed at my discretion, typically as a component of the quiz grade.

Students should read the assigned reading each week. Regular meetings will be scheduled throughout the semester that can be attended for chapel elective credit. Students should attend these meetings prepared to discuss the assigned reading, or email a reflection on the assigned reading on or before each meeting date.

It is our hope that students will not view this as one more task to complete, but as a catalyst for continued discussion ultimately leading to a deeper experience of Jesus Christ.


Online Portfolio

All students in the College of Engineering are required to create and maintain an online portfolio on Portfolium to showcase their best work. Portfolium is a "cloud-based platform that empowers students with lifelong opportunities to capture, curate, and convert skills into job offers, while giving learning institutions and employers the tools they need to assess competencies and recruit talent."

Students will post portions of their coursework to Portfolium as directed by their instructor. For example, a portfolio entry might be a PDF of poster or presentation content, screenshots or a video demonstration of a software or hardware project, or even an entire source code repository. In addition to required portfolio entries, students are encouraged to post selected work to their portfolios throughout the year.

Students will work with their faculty advisor to curate and refine their portfolios as they progress through the program. Students shall ensure that all portfolio entries are appropriate for public disclosure (i.e., they do not reveal key components of assignment solutions to current or future students).


University Resources

If you have specific physical, psychiatric, or learning disabilities and require accommodations, please contact the Disability Services Office as early as possible so that your learning needs can be appropriately met. For more information, go to ds.georgefox.edu or contact Rick Muthiah, Director of Learning Support Services (503-554-2314 or rmuthiah@georgefox.edu).

My desire as a professor is for this course to be welcoming to, accessible to, and usable by everyone, including students who are English-language learners, have a variety of learning styles, have disabilities, or are new to online learning systems. Be sure to let me know immediately if you encounter a required element or resource in the course that is not accessible to you. Also, let me know of changes I can make to the course so that it is more welcoming to, accessible to, or usable by students who take this course in the future.

The Academic Resource Center (ARC) on the Newberg campus provides all students with free writing consultation, academic coaching, and learning strategies (e.g., techniques to improve reading, note-taking, study, time management). During the 2021 spring semester, the ARC is offering physically distanced, in-person appointments as well as virtual appointments over Zoom. The ARC, located in the Murdock Learning Resource Center (library), is open from 1:00–8:00 p.m., Monday through Thursday, and 12:00–4:00 p.m. on Friday. To schedule an in-person or virtual appointment, go to the online schedule at arcschedule.georgefox.edu, call 503-554-2327, email the_arc@georgefox.edu, or stop by the ARC. Visit arc.georgefox.edu for information about ARC Consultants' areas of study, instructions for scheduling an appointment, learning tips, and a list of other tutoring options on campus.


Coronavirus Protocol

For those who do not know me yet, I have a very medically fragile wife and daughter who live at home, and both are considered extremely high risk for COVID-19. I have been able to keep them safe during the summer and fall, but I do not know what this spring holds. I need your help protecting my family.

Since we spend much, if not most, of our time in the computer science laboratories, the following protective protocol will be implemented at all times within our labs/classrooms:

If you feel you are unable to follow this protocol, contact me immediately. Any student who does not comply with this protocol, or otherwise exhibits behavior that I perceive as a safety risk to myself or others, will be asked to leave.


Grading

Grading Scale

Current Grades

The final course grade will be based on:


Tentative Schedule

Week 1

Introduction, Ethics, & VMs

Week 2

LAMP Stack & Mutillidae VM

Week 3

Current Event & OWASP Injection

Week 4

SQL Injection & OWASP Broken Authentication

Week 5

OWASP Insecure Direct Object Reference

Other info: No class Tue (2/16)

Week 6

Buffer Overflow & OWASP Misconfiguration

Week 7

BoF cont. & OWASP Sensitive Data

Week 8

BoF Lab & OWASP Access Control

Week 9

NCL Preseason Contest

Week 10

Format String Vulnerability & NCL Individual Contest

Other info: No class Thu (3/25)

Week 11

Fmt Str cont. & OWASP Cross-Site Request Forgery

Week 12

Fmt Str cont. & OWASP Vulnerable Components

Week 13

Cross-Site Scripting (XSS) & OWASP XSS

Week 14

TBD

TBD

Final exam


This page was last modified on 2021-04-15 at 11:25:53.

Copyright © 2015–2021 George Fox University. All rights reserved.