Re: [SC-L] University lecture on Sec Sw Eng online

2007-08-23 Thread pmeunier
Speaking about online secure programming materials, I'd love to hear any 
feedback, positive or negative, about the course materials I posted 
online years ago at http://projects.cerias.purdue.edu/secprog/, or the 
more recent derived versions at http://www.cs.purdue.edu/homes/cs390s/

Did anyone use them at all?  What could I do to improve them?

Thanks,
Pascal Meunier
Purdue University CERIAS


[EMAIL PROTECTED] wrote:
> I recently completed a lecture on secure software engineering,
> and I guess there are quite a few people on this list who could
> make use of some of the material, whether for their own presentations
> or simply for teaching themselves.
> 
> The lecture was given at Kaiserslautern University of Technology as 
> 12 lessons of 90 minutes (each comprising about 35 slides) in English; 
> note that the accompanying student exercise problems are in German,
> however. 
> The chapters (of varying length, as indicated by their mapping to
> lessons) are as follows:
> 
> 01  IT Security and Software Security
> 02  Fundamental Notions and Definitions
> 03a Vulnerabilities and Attacks (Part 1)
> 03b Vulnerabilities and Attacks (Part 2)
> 04  Security in the Software Development Process
> 05  Security Requirements Elicitation
> 06  Threat Analysis
> 07a Security in Architecture and Design (Part 1)
> 07b Security in Architecture and Design (Part 2)
> 08a Secure Coding (Part 1)
> 08b Secure Coding (Part 2)
> 09  Quality Assurance
> 10, 11, 12 Process Models, Usability, and Conclusions
> 
> You can find all the material at
> http://www.iese.fraunhofer.de/lectures/peine/materialcourse/
> 
> This was the first iteration of my first self-designed lecture; it is 
> certainly not perfect yet (in fact I already have some improvements
> sketched for the next iteration, such as reorganizing the process
> material), so criticism is welcome. 
> 
> I know of few comparable lectures world-wide, i.e. university lectures
> covering security specifically from a software engineering viewpoint;
> so far, I'm aware of the lectures by Pascal Meunier at Purdue and by
> Dieter Gollmann at Hamburg-Harburg; if you know of any others, I'd be
> glad to hear about those, too.
> 
> Kind regards from Germany,
> Holger Peine
> 

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___


Re: [SC-L] University lecture on Sec Sw Eng online

2007-08-03 Thread Robert C. Seacord

In an off-line conversation, Holger suggested I put up a pointer to the
undergraduate course in "Secure Programming" I offered this past spring
in the School of Computer Science at CMU:

https://www.securecoding.cert.org/confluence/display/sci/15392+Secure+Programming

This course probably overlaps somewhat with Holger's Secure Coding
lectures but also contains additional material.

The course uses the Addison-Wesley book "Secure Coding in C and C++" as
a text.

rCs

> I recently completed a lecture on secure software engineering,
> and I guess there are quite a few people on this list who could
> make use of some of the material, whether for their own presentations
> or simply for teaching themselves.
>
> The lecture was given at Kaiserslautern University of Technology as 
> 12 lessons of 90 minutes (each comprising about 35 slides) in English; 
> note that the accompanying student exercise problems are in German,
> however. 
> The chapters (of varying length, as indicated by their mapping to
> lessons) are as follows:
>
> 01  IT Security and Software Security
> 02  Fundamental Notions and Definitions
> 03a Vulnerabilities and Attacks (Part 1)
> 03b Vulnerabilities and Attacks (Part 2)
> 04  Security in the Software Development Process
> 05  Security Requirements Elicitation
> 06  Threat Analysis
> 07a Security in Architecture and Design (Part 1)
> 07b Security in Architecture and Design (Part 2)
> 08a Secure Coding (Part 1)
> 08b Secure Coding (Part 2)
> 09  Quality Assurance
> 10, 11, 12 Process Models, Usability, and Conclusions
>
> You can find all the material at
> http://www.iese.fraunhofer.de/lectures/peine/materialcourse/
>
> This was the first iteration of my first self-designed lecture; it is 
> certainly not perfect yet (in fact I already have some improvements
> sketched for the next iteration, such as reorganizing the process
> material), so criticism is welcome. 
>
> I know of few comparable lectures world-wide, i.e. university lectures
> covering security specifically from a software engineering viewpoint;
> so far, I'm aware of the lectures by Pascal Meunier at Purdue and by
> Dieter Gollmann at Hamburg-Harburg; if you know of any others, I'd be
> glad to hear about those, too.
>
> Kind regards from Germany,
> Holger Peine
>
>   


-- 
Robert C. Seacord
Senior Vulnerability Analyst
CERT/CC 

Work: 412-268-7608
FAX: 412-268-6989



Re: [SC-L] University lecture on Sec Sw Eng online

2007-08-01 Thread Rafael Ruiz
Hi guys, I'm interested in secure coding, could you send me an
attachment with any reads you recommend? Sorry I don't have http access
right now, so I will really appreciate this.

Thanks, Rafael. 



[SC-L] University lecture on Sec Sw Eng online

2007-08-01 Thread Holger.Peine
I recently completed a lecture on secure software engineering,
and I guess there are quite a few people on this list who could
make use of some of the material, whether for their own presentations
or simply for teaching themselves.

The lecture was given at Kaiserslautern University of Technology as 
12 lessons of 90 minutes (each comprising about 35 slides) in English; 
note that the accompanying student exercise problems are in German,
however. 
The chapters (of varying length, as indicated by their mapping to
lessons) are as follows:

01  IT Security and Software Security
02  Fundamental Notions and Definitions
03a Vulnerabilities and Attacks (Part 1)
03b Vulnerabilities and Attacks (Part 2) 
04  Security in the Software Development Process
05  Security Requirements Elicitation 
06  Threat Analysis
07a Security in Architecture and Design (Part 1)
07b Security in Architecture and Design (Part 2)
08a Secure Coding (Part 1) 
08b Secure Coding (Part 2)
09  Quality Assurance
10, 11, 12 Process Models, Usability, and Conclusions 

You can find all the material at
http://www.iese.fraunhofer.de/lectures/peine/materialcourse/

This was the first iteration of my first self-designed lecture; it is 
certainly not perfect yet (in fact I already have some improvements
sketched for the next iteration, such as reorganizing the process
material), so criticism is welcome. 

I know of few comparable lectures world-wide, i.e. university lectures
covering security specifically from a software engineering viewpoint;
so far, I'm aware of the lectures by Pascal Meunier at Purdue and by
Dieter Gollmann at Hamburg-Harburg; if you know of any others, I'd be
glad to hear about those, too.

Kind regards from Germany,
Holger Peine

-- 
Dr. Holger Peine, Project Manager Security
Fraunhofer IESE, Fraunhofer-Platz 1, 67663 Kaiserslautern, Germany
Phone +49-631-6800-2134, Fax -1899 (shared)
http://www.iese.fraunhofer.de
PGP key via http://pgp.mit.edu ; fingerprint is 1BFA 30CB E3ED BA99 E7AE
2BBB C126 A592 48EA F9F8
