Print this page Print this page

Software Security: Practical Defensive Strategies

Warren T. Jones, Ph.D., P.E.

Course Outline

It is common knowledge that security is one of the most important issues in the computer field today. What is not apparent to many is that the security challenges today are frequently software problems. The weak points are the applications at the ends of the communications link and therefore represent the points of greatest vulnerability to attack. The purpose of this course is to present recommended approaches to software security including threat modeling, programming language security in C/C++, Java and Perl and activities for each stage of the software development life cycle. Smart card security and security certification for IT products are also discussed.

This course includes a multiple-choice quiz at the end, which is designed to enhance the understanding of the course materials.

Learning Objective

At the conclusion of this three-hour course, the student will learn:

Intended Audience

This course is intended for all engineers.

Course Content

The course content is in a PDF file (762 K) Software Security: Practical Defensive Strategies. You need to open or download above documents to study this course.

You need to open or download these documents to study this course.

Table of Contents

Module #1: Introduction and Definitions

Module #2: Approaches to the Security Problem

Module #3: Principles for Software Security

Module #4: Threat Modeling

Module #5: C/C++ Security

Module #6: Java Security

Module #7: Perl Security

Module #8: Common Criteria

Web Resources

Textbook and Other Resources

Course Summary

This course presents an introduction to software security with the objective of providing practical strategies for addressing security challenges. The risks of the popular "penetrate and patch" approach to software security along with the advantages of the recommended approach of integrating security considerations into the software development life cycle are discussed. Tools and techniques are presented that can enhance security at each stage of the life cycle as well as general principles for more secure design. Specific practices are recommended for programming in C/C++, Java and Perl. Security issues of smart cards and the certification of IT products are also discussed. Additional book and web resources are given for a more in-depth follow-up study.


Once you finish studying the above course content, you need to take a quiz to obtain the PDH credits.

DISCLAIMER: The materials contained in the online course are not intended as a representation or warranty on the part of PDH Center or any other person/organization named herein. The materials are for general information only. They are not a substitute for competent professional advice. Application of this information to a specific project should be reviewed by a registered architect and/or professional engineer/surveyor. Anyone making use of the information set forth herein does so at their own risk and assumes any and all resulting liability arising therefrom.