Secure Software Development (SecDev)

Course information

20-00-0936-vl, 3 CP, 2 SWS
When: Fridays from 15:20 to 17:00
Where: S202/C205
Lecturer: Dr. Lotfi ben Othmane (lotfiben DOT Othmane AT cased DOT de)
Further information: Course summary


Recommended reading
For further details, we recommend the following books:
Software Security–Building Security In (Gary McGraw)
Threat Modeling–designing for Security (Adam Shostack)
The Web Application Hacker’s Handbook (Dafydd Stuttard and Marcus Pinto)

Notes
Each lecture includes about 10 min discussion on recent news about software vulnerabilities.


Contact information
Students are free to use the Forum provided by the Fachschaft. For any important query, send an email to Lotfi ben Othmane.

SVN
Assignments will be submitted by SVN.
https://repository.st.informatik.tu-darmstadt.de/sse/secdev/2015/

Exam date: March 16th, 2016. 2 pm – 4 pm.

Course Moodle
https://moodle.informatik.tu-darmstadt.de/course/view.php?id=495
Enrolment key: SSD2015

Surveys
Surveys will be used throughout the course to assess the quality of teaching. They will not be graded and we encourage the contribution of students.


Week 1: Oct. 15th – Overview of software attacks

Instructor: Lotfi ben Othmane

Lecture slides are available here.
Lab organization:

  • Before Friday, October 23rd, 11:59 am, students should:
    • Register through the RBG system.
    • Form groups of two.
    • Add their usernames and groups here. (Switched to a Google form)
    • Last minute queries concerning groups will be discussed next week.

Week 2: Oct. 23rd – Threat modeling

Instructors: Andreas Poller, Sven Türpe

Lecture slides are available here (26/10/2015)

The demo video is available here

Lab organization:

  • Group numbers will be communicated to the students’ TU emails
  • Groups with at least one member not registered in TUCaN will not be registered

Lab 1: Due on Thursday, November 05th, 23:59 – CANCELED

Complementary reading

Week 3: Oct. 30th – Risk assessment

Instructor: Lotfi ben Othmane

Lecture slides are available here

Lab organization:

  • Lab 1 is canceled and replaced by Lab 1R

Lab 1R: Due on Sunday, November 08th, 23:59 (Extended)

Complementary reading

Week 4: Nov. 6th – Risk assessment (cont.), Security requirements

Instructor: Lotfi ben Othmane

Lecture slides are available here

General announcements:

Lab organization:

  • Lab submissions (1R or 2) can also be done on Moodle.

Lab 2: Due on Thursday, November 19th, 23:59

Resources for research skills

Complementary reading

Week 5: Nov. 13th – Security requirements (cont.) and Security architecture

Instructor: Dr. Lotfi ben Othmane and Philipp Holzinger

Lecture slides are available here

Complementary reading

Week 6: Nov. 20th – Static code analysis

Instructor: Lisa Nguyen Quang Do

Lecture slides are available here

Complementary reading

  • Secure Software Engineering Group, Fraunhofer SIT, Security Analysis of TrueCrypt, 2015
  • Data Flow Analysis: Theory and practice (Khedker et al.)
  • Principles of Program Analysis (Flemming et al.)

Week 6: Nov. 27th – Security Assessments

Instructor: Jan Steffan

Lecture slides are available here

General announcements:

  • Scores for Lab 1R are posted on Moodle. The comments were sent through Moodle or TUCaN
  • Project proposals shall be sent to the instructor no later than December 4th.
  • Research activity proposals shall be sent to the instructor no later than December 11th.

Complementary reading

  • Michael Felderer, Matthias Büchlein, Martin Johns, Achim D. Brucker, Ruth Breu, and Alexander Pretschner. Security Testing: A Survey. In Advances in Computers, 101, 2015.

Week 7: Dec. 4th – No lecture

Week 8: Dec. 11th – Secure Software Development Life-Cycle

Instructor: Dr. Lotfi ben Othmane

Lecture slides are available here

General announcements:

  • Notifications and comments about the projects proposals have been sent.
  • The lecture of Dec. 4 will be replaced in January. The date will be announced later.

Complementary reading