Re: [SC-L] University lecture on Sec Sw Eng online
Speaking about online secure programming materials, I'd love to hear any feedback, positive or negative, about the course materials I posted online years ago at http://projects.cerias.purdue.edu/secprog/, or the more recent derived versions at http://www.cs.purdue.edu/homes/cs390s/

Did anyone use them at all? What could I do to improve them?

Thanks,
Pascal Meunier
Purdue University CERIAS

[EMAIL PROTECTED] wrote:
> I recently completed a lecture on secure software engineering,
> and I guess there are quite a few people on this list who could
> make use of some of the material, whether for their own presentations
> or simply for teaching themselves.
>
> The lecture was given at Kaiserslautern University of Technology as
> 12 lessons of 90 minutes (each comprising about 35 slides) in English;
> note that the accompanying student exercise problems are in German,
> however.
> The chapters (of varying length, as indicated by their mapping to
> lessons) are as follows:
>
> 01 IT Security and Software Security
> 02 Fundamental Notions and Definitions
> 03a Vulnerabilities and Attacks (Part 1)
> 03b Vulnerabilities and Attacks (Part 2)
> 04 Security in the Software Development Process
> 05 Security Requirements Elicitation
> 06 Threat Analysis
> 07a Security in Architecture and Design (Part 1)
> 07b Security in Architecture and Design (Part 2)
> 08a Secure Coding (Part 1)
> 08b Secure Coding (Part 2)
> 09 Quality Assurance
> 10, 11, 12 Process Models, Usability, and Conclusions
>
> You can find all the material at
> http://www.iese.fraunhofer.de/lectures/peine/materialcourse/
>
> This was the first iteration of my first self-designed lecture; it is
> certainly not perfect yet (in fact I already have some improvements
> sketched for the next iteration, such as reorganizing the process
> material), so criticism is welcome.
>
> I know of few comparable lectures world-wide, i.e. university lectures
> covering security specifically from a software engineering viewpoint;
> so far, I'm aware of the lectures by Pascal Meunier at Purdue and by
> Dieter Gollmann at Hamburg-Harburg; if you know of any others, I'd be
> glad to hear about those, too.
>
> Kind regards from Germany,
> Holger Peine

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
___
Re: [SC-L] University lecture on Sec Sw Eng online
In an off-line conversation, Holger suggested I put up a pointer to the undergraduate course in "Secure Programming" I offered this past spring in the School of Computer Science at CMU:

https://www.securecoding.cert.org/confluence/display/sci/15392+Secure+Programming

This course probably overlaps somewhat with Holger's Secure Coding lectures but also contains additional material. The course uses the Addison-Wesley book "Secure Coding in C and C++" as a text.

rCs

> I recently completed a lecture on secure software engineering,
> and I guess there are quite a few people on this list who could
> make use of some of the material, whether for their own presentations
> or simply for teaching themselves.
>
> The lecture was given at Kaiserslautern University of Technology as
> 12 lessons of 90 minutes (each comprising about 35 slides) in English;
> note that the accompanying student exercise problems are in German,
> however.
> The chapters (of varying length, as indicated by their mapping to
> lessons) are as follows:
>
> 01 IT Security and Software Security
> 02 Fundamental Notions and Definitions
> 03a Vulnerabilities and Attacks (Part 1)
> 03b Vulnerabilities and Attacks (Part 2)
> 04 Security in the Software Development Process
> 05 Security Requirements Elicitation
> 06 Threat Analysis
> 07a Security in Architecture and Design (Part 1)
> 07b Security in Architecture and Design (Part 2)
> 08a Secure Coding (Part 1)
> 08b Secure Coding (Part 2)
> 09 Quality Assurance
> 10, 11, 12 Process Models, Usability, and Conclusions
>
> You can find all the material at
> http://www.iese.fraunhofer.de/lectures/peine/materialcourse/
>
> This was the first iteration of my first self-designed lecture; it is
> certainly not perfect yet (in fact I already have some improvements
> sketched for the next iteration, such as reorganizing the process
> material), so criticism is welcome.
>
> I know of few comparable lectures world-wide, i.e. university lectures
> covering security specifically from a software engineering viewpoint;
> so far, I'm aware of the lectures by Pascal Meunier at Purdue and by
> Dieter Gollmann at Hamburg-Harburg; if you know of any others, I'd be
> glad to hear about those, too.
>
> Kind regards from Germany,
> Holger Peine

--
Robert C. Seacord
Senior Vulnerability Analyst
CERT/CC
Work: 412-268-7608
FAX: 412-268-6989
Re: [SC-L] University lecture on Sec Sw Eng online
Hi guys,

I'm interested in secure coding, could you send me an attachment with any reads you recommend? Sorry I don't have http access right now, so I will really appreciate this.

Thanks,
Rafael.
[SC-L] University lecture on Sec Sw Eng online
I recently completed a lecture on secure software engineering, and I guess there are quite a few people on this list who could make use of some of the material, whether for their own presentations or simply for teaching themselves.

The lecture was given at Kaiserslautern University of Technology as 12 lessons of 90 minutes (each comprising about 35 slides) in English; note that the accompanying student exercise problems are in German, however.

The chapters (of varying length, as indicated by their mapping to lessons) are as follows:

01 IT Security and Software Security
02 Fundamental Notions and Definitions
03a Vulnerabilities and Attacks (Part 1)
03b Vulnerabilities and Attacks (Part 2)
04 Security in the Software Development Process
05 Security Requirements Elicitation
06 Threat Analysis
07a Security in Architecture and Design (Part 1)
07b Security in Architecture and Design (Part 2)
08a Secure Coding (Part 1)
08b Secure Coding (Part 2)
09 Quality Assurance
10, 11, 12 Process Models, Usability, and Conclusions

You can find all the material at
http://www.iese.fraunhofer.de/lectures/peine/materialcourse/

This was the first iteration of my first self-designed lecture; it is certainly not perfect yet (in fact I already have some improvements sketched for the next iteration, such as reorganizing the process material), so criticism is welcome.

I know of few comparable lectures world-wide, i.e. university lectures covering security specifically from a software engineering viewpoint; so far, I'm aware of the lectures by Pascal Meunier at Purdue and by Dieter Gollmann at Hamburg-Harburg; if you know of any others, I'd be glad to hear about those, too.

Kind regards from Germany,
Holger Peine

--
Dr. Holger Peine, Project Manager Security
Fraunhofer IESE, Fraunhofer-Platz 1, 67663 Kaiserslautern, Germany
Phone +49-631-6800-2134, Fax -1899 (shared)
http://www.iese.fraunhofer.de
PGP key via http://pgp.mit.edu ; fingerprint is 1BFA 30CB E3ED BA99 E7AE 2BBB C126 A592 48EA F9F8