CS 390S: Secure Programming

If you wonder how vulnerabilities are created, and what the various types of vulnerabilities are, this class is for you. If you want to be more employable and have an edge, this class will show employers that you are less likely to cause them embarrassment and cost them through mistakes. They also won't have to pay huge sums to send you to secure programming seminars and classes. This one-credit class will explain the fundamental issues in secure programming: trust management, design issues, and the many stupid little mistakes with big consequences that programmers are likely to make. No book purchase is required, as the material is entirely provided on slides. We will focus on how to do things correctly, and not on exploits (although examples will be provided for entertainment and motivational reasons). Students interested in how some exploits work may consult "Secure Coding in C/C++" (Seacord 2005, Addison-Wesley) while taking this class.

Topics covered

  • Shell and environment
  • Buffer overflows
  • Integer overflows
  • Format strings
  • Meta-character vulnerabilities (code injection) and Input Validation
  • Web Application issues (including cross-site scripting vulnerabilities)
  • Race conditions
  • File system issues
  • Randomness


Cr. 1. Concurrent or prior registration in CS 354 or CS 355 is required. CS majors may use this course only as a free elective.


Pascal Meunier, Ph.D., M.Sc., CISSP


Lecture: W 2:30-3:20 PM, LWSN 1106

Course Organization

The course consists of mixed lecture and lab sessions, as well as two in-class quizzes.

Grade Distribution

The final grade will be 50% for the two quizzes, and 50% for the projects. The projects will consist of a number of quick mini-labs and 2 longer labs. Half of the class will get an A and the other half a B. Attendance at the quizzes is necessary to pass this class.
First Quiz: date to be decided in class
Last Quiz: last class before dead week
No Final exam

Lists and Announcements:

All announcements will be sent via email. It is important that you add yourself to the cs390s mailing list. From your CS account type:
"mailer add me to cs390s"

To verify that you are on the list, you may type:

"mailer list cs390s"
To get help with the mailer program type "mailer help" or "man mailer".
Fall 2006 web site