Software Security: Practical Defensive Strategies
Warren T. Jones, Ph.D., P.E.
It is common knowledge
that security is one of the most important issues in the computer field today.
What is not apparent to many is that the security challenges today are frequently
software problems. The weak points are the applications at the ends of the communications
link and therefore represent the points of greatest vulnerability to attack.
The purpose of this course is to present recommended approaches to software
security including threat modeling, programming language security in C/C++,
Java and Perl and activities for each stage of the software development life
cycle. Smart card security and security certification for IT products are also
This course includes a multiple-choice quiz at the end, which is designed to enhance the understanding of the course materials.
At the conclusion of this three-hour course, the student will learn:
This course is
intended for all engineers.
The course content is in a PDF file (762 K) Software Security: Practical Defensive Strategies. You need to open or download above documents to study this course.
You need to open or download these documents to study this course.
Table of Contents
Module #1: Introduction and Definitions
Module #2: Approaches
to the Security Problem
Module #3: Principles for Software Security
Module #4: Threat Modeling
Module #5: C/C++ Security
Module #6: Java Security
Module #7: Perl Security
Module #8: Common
This course presents
an introduction to software security with the objective of providing practical
strategies for addressing security challenges. The risks of the popular "penetrate
and patch" approach to software security along with the advantages of the
recommended approach of integrating security considerations into the software
development life cycle are discussed. Tools and techniques are presented that
can enhance security at each stage of the life cycle as well as general principles
for more secure design. Specific practices are recommended for programming in
C/C++, Java and Perl. Security issues of smart cards and the certification of
IT products are also discussed. Additional book and web resources are given
for a more in-depth follow-up study.
Once you finish studying the above course content, you need to take a quiz to obtain the PDH credits.