SE 431 - Software Security
(Spring 2021, Sections 1, 2, and 4)
This course teaches software engineering techniques for building secure software and explores the fundamental concepts and engineering processes of software development and testing needed to produce software designed for security. The course covers both the theory and the practice of software security, focusing mainly on common software security risks, including buffer overflows and race conditions, and on identifying potential threats and vulnerabilities early in the design cycle. It emphasizes methodologies and tools for identifying and eliminating security vulnerabilities, techniques to prove the absence of vulnerabilities, ways to avoid security holes in new software, and essential guidelines for building secure software: how to design software with security in mind from the ground up and how to integrate analysis and risk management throughout the software life cycle. The course also covers some common software security attacks, including SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and session hijacking.
Instructor: Ahmed Saleh Shatnawi
Instructor's Office Location: M2 L2
Instructor's Virtual Office Hours: I will share a Zoom URL for my office hours on the eLearning website when the semester starts.
I prefer you join the virtual office hours with audio and video on.
When you join the meeting, please speak up because I may have minimized my Zoom window.
You can schedule a meeting by appointment.
TA: Iqlema AlQuran (email@example.com)
Prerequisites: The course requires two prerequisite courses: SE 324 and CPE 200.
All graded assignments must be your own work (your own words), but you may work with other people as long as you list their names prominently on the first page of the assignment, and/or in a comment at the top of the assignment, for example:
// Mohammad, Homework #6, SE 431
// I discussed this assignment with Mariam,
// and Amir. We looked at each other's design notes,
// but did not exchange the copies.
For this course, verbal communication and collaboration using non-code text or hand-written notes/code is permitted, as long as it is properly documented. Documentation must also be made for help from anyone not in the course, such as a tutor, friend, or relative, and for information off the Web.
Automatic copying of assignments (e.g. email, messaging, flash drive copies, printed hard copies, etc.) is strictly forbidden. At the very least, you must write every word in your assignments. If you are unsure whether something is permitted, please check with me. If you turn in an assignment which is an electronic copy (or a minor variation of a copy) of other people's work, then the source and the people who give credit to the source will receive zero for the assignment, while those who do not give credit may be given an 'F' grade for the course. Do not send your assignment by email to other people!
Whether or not you have permission of the other person, submitting someone else's work as your own is plagiarism, a serious instance of academic misconduct. Everyone is responsible for learning the material themselves. Some of the assignments may be graded in person, especially in cases where the individual contribution to the assignment is not clear. If you are graded in person, you will be expected to demonstrate that you have mastered techniques used in the material you submitted.
Course letter grades will be assigned using the JUST scale, unless we decide that this scale is too severe (in which case the scale will be adjusted).
Course percentage grades are broken down into the following categories:
| Course Element | Fraction of Grade |
|---|---|
| Labs and Assignments | 15 % |
| Midterm Exam | 20 % |
| Final Exam | 50 % |
Your grades break down as follows:
- Labs and Assignments:
There will be six virtual labs and four assignments during the semester. No assignment or lab grade will be dropped.
Labs will cover the following topics:
- Lab 1: Sniffing Network Traffic
- Lab 2: Man in the Middle Attack
- Lab 3: PGP
- Lab 4: Cross-Site Scripting Attack Lab
- Lab 5: Cross-Site Request Forgery Attack Lab
- Lab 6: SQL Injection Attack Lab
- Project: I strongly encourage pairs. You will be graded in person and will be expected to demonstrate that you have mastered the techniques used in the project you submitted.
- Exams: Exams will be administered in person or via eLearning (depending on the upcoming rules). There will be two exams and one cumulative final (with a strong emphasis on the material covered after the midterm). Exams will take place during the regular lecture period. Exam-week lectures will be replaced by an ad-hoc review (you should come prepared with questions, or at the very least a vague sense of wonder).
Late homework will not be accepted.
The university has a responsibility to promote academic honesty and integrity and to develop procedures to deal effectively with instances of academic dishonesty. Students are responsible for the honest completion and representation of their work, for the appropriate citation of sources, and for respect of others' academic endeavors. A more detailed description of Student Academic Disciplinary Procedures may be found at this link.
If, due to a disability, you need special accommodations in order to meet any of the requirements of this course, you should contact me as soon as possible.
Required Textbooks: We will be using the following textbooks:
- Computer Security: Principles and Practice, 4th Edition, by William Stallings and Lawrie Brown, Pearson, Dec 12, 2017 (link), ISBN-13: 978-1292220611, ISBN-10: 1292220619.
- Security in Computing, 5th Edition, by Charles P. Pfleeger, Shari Lawrence Pfleeger, and Jonathan Margulies, Prentice Hall, Jan 14, 2015 (link), ISBN-13: 978-0134085043, ISBN-10: 9780134085043.
This course outline is a "living document". It can be changed in response to events in the course. You'll be notified if major changes are made.
This version was last changed on February 20, 2021.
The table below shows the schedule of readings and online lectures for the course.
| Week # | Topics | Handouts | Assignments & Labs | Videos | Resources |
|---|---|---|---|---|---|
| Week 1 | Syllabus and Introduction | | | | |
I welcome your feedback about the class (content, pace, organization) and about any other aspect of the course (lectures, tests, grading, etc.).