I recently completed a lecture on secure software engineering, and I guess there a quite a few people on this list who could make use of some of the material, whether for their own presentations or simply for teaching themselves.
The lecture was given at Kaiserslautern University of Technology as 12 lessons of 90 minutes (each comprising about 35 slides) in English; note that the accompanying student exercise problems are in German, however. The chapters (of varying length, as indicated by their mapping to lessons) are as follows: 01 IT Security and Software Security 02 Fundamental Notions and Definitions 03a Vulnerabilities and Attacks (Part 1) 03b Vulnerabilities and Attacks (Part 2) 04 Security in the Software Development Process 05 Security Requirements Elicitation 06 Threat Analysis 07a Security in Architecture and Design (Part 1) 07b Security in Architecture and Design (Part 2) 08a Secure Coding (Part 1) 08b Secure Coding (Part 2) 09 Quality Assurance 10, 11, 12 Process Models, Usability, and Conclusions You can find all the material at http://www.iese.fraunhofer.de/lectures/peine/materialcourse/ This was the first iteration of my first self-designed lecture; it is certainly not perfect yet (in fact I already have some improvements sketched for the next iteration, such as reorganizing the process material), so criticism is welcome. I know of few comparable lectures world-wide, i.e. university lectures covering security specifically from a software engineering viewpoint; so far, I'm aware of the lectures by Pascal Meunier at Purdue and by Dieter Gollmann at Hamburg-Harburg; if you know of any others, I'd be glad to hear about those, too. Kind regards from Germany, Holger Peine -- Dr. Holger Peine, Project Manager Security Fraunhofer IESE, Fraunhofer-Platz 1, 67663 Kaiserslautern, Germany Phone +49-631-6800-2134, Fax -1899 (shared) http://www.iese.fraunhofer.de PGP key via http://pgp.mit.edu ; fingerprint is 1BFA 30CB E3ED BA99 E7AE 2BBB C126 A592 48EA F9F8 _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
