Courses

ITS 450 — Software Assurance

This course covers defensive programming techniques, bounds analysis, error handling, advanced testing techniques, detailed code auditing, software specification in a trusted assured environment. Extensive laboratory exercises are assigned.Topics: buffer overflows, web SOP, XSS, web worms, e-commerce security, and more.

Time & Place

6-8 pm Tuesday and Thursday

Textbook

  1. Computer & Internet Security: A hands on approach by Wenliang Du

Instructor

Ricardo A. Calix, Ph.D.
Purdue University Northwest
rcalix@pnw.edu

Office Hours

241 Anderson

Assignments

  1. Assignment 1: Buffer Overflows
  2. Assignment 2: Code Injections and Web Security

Videos

Labs

  1. Lab 1: Set-UID Program Vulnerability Lab
  2. Lab 2: Format String Vulnerabilities and Understanding the Stack Lab
  3. Lab 3: Buffer-Overflow Vulnerability Lab
  4. Lab 4: SQL Injection Lab
  5. Lab 5: Cross-Site Scripting (XSS) Attack Lab
  6. Lab 6: Term Project Definition and Catch up Lab (XSS and SQL injection problems continued)
  7. Lab 7: Cross Site Request Forgery (CSRF) Lab
  8. Lab 8: Integer Security Lab and White-box testing
  9. Lab 9: Web SOP Lab [Part A]
  10. Lab 10: Web SOP Lab [Part B]

Useful

Example problems will be provided as required. 

Software we will use:

Calendar Fall 2020 (subject to change)

Mon Tue Wed Thu Fri
Aug 24

Aug 25

Intro to Software Assurance


video

Aug 26

Aug 27

SETUID Lab


video

Aug 28
Aug 31

Sep 1

Format string vulnerability

video

Sep 2

Sep 3
Format String Lab

video

Sep 4
Sep 7

Sep 8

Code injection with format string

video

Sep 9

Sep 10

Buffer Overflow

video

video

Sep 11
Sep 14

Sep 15

Buffer Overflow

video

Sep 16

Sep 17
 

Buffer Overflow

video

Sep 18
Sep 21

Sep 22

Buffer overflow and project

video

Sep 23

 

Sep 24
 

Review and buffer overflow lab

video

Sep 25

 
Sep 28

Sep 29

Exam1

Sep 30

Oct 1

Project intro

video

Oct 2
Oct 5

 

Oct 6

Web SOP

video

Oct 7

 

Oct 8

Buffer overflow 2 - practical

video

Oct 9

 
Oct 12

 
Oct 13
 
Oct 14

 

Oct 15

SQL Injection

video

Oct 16
 
Oct 19

 

Oct 20

SQL Injection

video
 

Oct 21

 

Oct 22

Project demos
 

Oct 23

 
Oct 26

 

Oct 27

The box testing model

Integer Security

video

Oct 28

 

Oct 29

SQL Injection Lab

video 
 

Oct 30

 
Nov 2

 

Nov 3

Cross Site Scripting

video

Nov 4

 

Nov 5


Cross Site Scripting

video

Nov 6
 
Nov 9

Nov 10

Exam 2

Nov 11

Nov 12
 

XSS Self Replicating Worm

video

Nov  13
Nov 16

Nov 17

Cross Site Request Forgery

video

Nov 18

Nov 19
 

Project Demos
Nov 20
 
Nov 23

Nov 24

Race condition vulnerability and Shellshock

video

Nov 25 Nov 26
 
Nov 27
Nov 30
 

Dec 1
 

Work on project

Dec 2
 

Dec 3

Work on project

Dec 4
 
Dec 7

Dec 8

Presentations

Dec 9
 

Dec 10
 

Presentations

Dec 11
 
Dec 14
Finals
Dec 15
Finals
Dec 16
Finals
Dec 17
Finals
Dec 18
Finals