I was thinking of a beginner-level programming class. I have and it
can be a challenge, especially if they don't have the "programming
mindset". Even if they do, you don't have the time for the things you
spoke about. You are focusing on basic coding constructs first. :)
CISM, CSSLP, SANS/GIAC GSEC, GCFW, GCIH, GPCI
Quoting Stephan Neuhaus <stephan.neuh...@disi.unitn.it>:
On Aug 21, 2009, at 17:51, Brad Andrews wrote:
Has anyone who holds to this taught a beginning level programming class?
I have. I taught a security class to undergrads. It was easier than I
thought, at least the basics were. I got them excited by a "let's try
to break things" attitude. They wrote buffer overflow exploits (using
freely available shellcode), they cracked linear congruential PRNGs,
they subverted insecure protocols. As far as I can tell, they had a
good time, since I had the highest retention rate for optional courses
in that year: 40 signed up for the course and 39 took the final exam.
Once they understood that the right mind-set is not "oh come on, what
can possibly go wrong?" but "okay, let's see what *can* go wrong", they
were on their way.
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.