Courses

ITS 45000 — Software Assurance

This course covers defensive programming techniques, bounds analysis, error handling, advanced testing techniques, detailed code auditing, and software specification in a trusted assured environment. Extensive laboratory exercises are assigned.

Required course.

Time & Place

10:00am-12:00pm
Tuesday and Thursday

Textbook

  1. Writing Secure Code, Second Edition, Michael Howard and David LeBlanc
  2. Secure Coding in C and C++, Robert Seacord, Addison-Wesley, 2005
  3. Secure Coding: Principles and Practices, Mark Graff, Kenneth Wyk, O'Reilly, 2003

Instructor

Ricardo A. Calix, Ph.D.
Computer Information Technology and Graphics
Purdue University Calumet
ricardo.calix@purduecal.edu

Office Hours

241 Anderson, Tuesday and Thursday, 2-4 PM

Assignments

  1. Assignment 1: Buffer Overflows
  2. Assignment 2: Code Injections and Web Security
  3. Assignment 3: Software Testing and Data Verification
  4. Term Project - Phase I: White Box Testing
  5. Term Project - Phase II: Black Flow Testing
  6. Term Project - Phase III: Security Testing
 

Labs

  1. Lab 1: Set-UID Program Vulnerability Lab
  2. Lab 2: Format String Vulnerabilities and Understanding the Stack Lab
  3. Lab 3: Buffer-Overflow Vulnerability Lab
  4. Lab 4: SQL Injection Lab
  5. Lab 5: Cross-Site Scripting (XSS) Attack Lab
  6. Lab 6: Term Project Definition and Catch up Lab (XSS and SQL injection problems continued)
  7. Lab 7: Cross Site Request Forgery (CSRF) Lab
  8. Lab 8: Integer Security Lab and White-box testing
  9. Lab 9: Web SOP Lab [Part A]
  10. Lab 10: Web SOP Lab [Part B]
  11. Lab 11: Race Condition Lab
  12. Lab 12: Term Project Demo and Black Box Testing
  13. Lab 13: Term Project and Click Jack Attack Lab
  14. Lab 14: Term Project
  15. Lab 15: Chroot Sandbox Jail Lab

 

Useful

Example problems will be provided as required. 

Software we will use:

 

Calendar Fall 2012 (subject to change)

| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| Aug 19 | Aug 20 | Aug 21: L1: Running with scissors | Aug 22 | Aug 23: Lab 1: Set-UID Program Vulnerability Lab | Aug 24 | Aug 25 |
| Aug 26 | Aug 27 | Aug 28: L2: Strings and Buffer Overflow | Aug 29 | Aug 30: Lab 2: Format String Vulnerabilities and Understanding the Stack Lab | Aug 31 | Sept 1 |
| Sept 2 | Sept 3: Labor Day | Sept 4: L3: Software Security 1 | Sept 5 | Sept 6: Lab 3: Buffer Overflow Vulnerability Lab | Sept 7 | Sept 8 |
| Sept 9 | Sept 10 | Sept 11: L4: Software Security 2; Quiz 1 | Sept 12 | Sept 13: Lab 4: SQL Injection Lab | Sept 14 | Sept 15 |
| Sept 16 | Sept 17 | Sept 18: L5: Pointer Subterfuge | Sept 19 | Sept 20: Lab 5: Cross-Site Scripting (XSS) Attack Lab | Sept 21 | Sept 22 |
| Sept 23 | Sept 24 | Sept 25: Exam 1 | Sept 26 | Sept 27: L6: Software Testing; Lab 6: Term Project and Catch-up | Sept 28 | Sept 29 |
| Sept 30 | Oct 1 | Oct 2: L7: Dynamic Memory management / Systems Analysis and Design | Oct 3 | Oct 4: Lab 7: Cross Site Request Forgery (CSRF) Lab | Oct 5 | Oct 6 |
| Oct 7 | Oct 8 | Oct 9: L8: Integer Security | Oct 10 | Oct 11: Lab 8: Integer Security Lab and White-box Testing | Oct 12 | Oct 13 |
| Oct 14 | Oct 15: Fall Break | Oct 16: Fall Break | Oct 17 | Oct 18: L9: Web Same Origin Policy; Lab 9: Web SOP Lab [Part A] | Oct 19 | Oct 20 |
| Oct 21 | Oct 22 | Oct 23: L10: Recommended Practices | Oct 24 | Oct 25: Lab 10: Web SOP Lab [Part B]; Term Project | Oct 26 | Oct 27 |
| Oct 28 | Oct 29 | Oct 30: L11: File Input Output; Black Box Testing | Oct 31 | Nov 1: Lab 11: Race Condition Lab | Nov 2 | Nov 3 |
| Nov 4 | Nov 5 | Nov 6: Exam 2 | Nov 7 | Nov 8: Lab 12: Term Project Demo and Black-box Testing | Nov 9 | Nov 10 |
| Nov 11 | Nov 12 | Nov 13: L13: Software Testing and Click Jack Attacks | Nov 14 | Nov 15: Lab 13: Term Project and Click Jack Attack Lab | Nov 16 | Nov 17 |
| Nov 18 | Nov 19 | Nov 20: L14: Special Topics; Term Project | Nov 21 | Nov 22: Thanksgiving | Nov 23 | Nov 24 |
| Nov 25 | Nov 26 | Nov 27: Code Wrapper and Chroot Sandbox Jail | Nov 28 | Nov 29: Term Project | Nov 30 | Dec 1 |
| Dec 2 | Dec 3: Concentrated Study | Dec 4: Presentations | Dec 5: Concentrated Study | Dec 6: Course Wrap-up | Dec 7: Last Day of Classes | Dec 8 |
| Dec 9 | Dec 10: Finals | Dec 11: Finals | Dec 12: Finals | Dec 13: Finals | Dec 14: Finals | Dec 15 |