CS 390S: Secure ProgrammingSlides will be posted on the same day as the class.
January 9: Introduction to Secure Programming & Motivation
Classes of Vulnerabilities and Attacks (Pascal Meunier) Wiley Handbook of Science and Technology for Homeland Security (distributed in class, or by email). You should read the first 4 pages this week and be done reading it by the mid-term.
January 16: Secure Programming Principles & Assurance
Week 2 (pdf)
January 23: Buffer Overflows
Week 3, version 2 with clipped text fixed (pdf)
January 30: Buffer Overflows, part 2
February 6: Integer Overflows, Format String Vulnerabilities
February 13: Shells and Environment
February 20: Exec calls, Trust Boundaries
Week 7, v2 (v2 changes: reworked the "exec" and "file descriptors" slides)
February 27: Mid-term
Does not include material seen on February 20. Remember, taking the mid-term is mandatory for a passing grade...
March 5: Meta-character vulnerabilities and code injection
March 12: Spring Break
March 19: Web Applications
April 2: File System Issues: Links, Directory Crawls, and Race Conditions
Week 13 (abridged version so we can catch up)
April 9: Randomness and Canonicalization
April 16: Last Exam
April 23: Solution to last exam, grades, discussions
Remember, there is no final, regardless of whether a final is scheduled by Purdue.