Next Semester, the Secure Software Engineering Group will offer a new seminar course “Secure Software Development (SecDev)”. The goal of the course is to provide software developers with the knowledge and first experience they need for developing secure software. Additionally, they will learn how to develop knowledge and share it and how to investigate a research problem on secure software development.The main topics are:

1. Secure software development life-cycle
2. Threat modeling
3. Risk assessment
4. Security requirements
5. Security architecture
6. Secure coding standards
7. Security code analysis
8. Security testing
9. Security code review
10. Empirical analysis for secure software development

More information can be found on the course website.

UPDATE: THE POSITION HAS BEEN FILLED!

Is this for you?

The following code uses the symmetric encryption scheme AES, for instance to store some application data encrypted on disk. The code contains at least four different severe API-usage mistakes that may cause the code to crash or to be insecure:

String secretKey = "x$&78_;:$%$ä0$%=$%4352";
byte[] keyBytes = secretKey.getBytes();
SecretKeySpec secretKeySpec = new SecretKeySpec(keyBytes, "AES");
Cipher cipher = Cipher.getInstance("AES");

Can you spot these mistakes? The more you can find, and the more you enjoy finding them, the more likely the position might be the right one for you. Continue reading →