csce548-final-review

csce548-final-review - CSCE 548 Secure Software Development...

CSCE 548 Secure Software Development
Project Requirements
Final Exam – Review

Project – Final Report

Due: Post the Project Final Report on the project's web site by MIDNIGHT April 26, 2010

CSCE 548 - Farkas

Final Project Format

Title
Author
Abstract
    What you did in this paper
1. Introduction
2. Related work
3. Background information
4. Current research/development
5. Conclusions and Future Work
6. Group members’ contributions
References

Final Project Format

1. Introduction
    Problem description, its importance
    Representative example
    Brief description of related works
    What is missing?
    Your work addressing the research/development gap
    Organization of the report

Final Project Format

4. Current research
    4.1 Definition of concepts
    4.2 Problem definition
    4.3 Solution
    4.4 Proof-sketch of solution correctness/efficiency/contribution to the area of Secure SW development

FINAL EXAM

Reading

McGraw: Software Security: Chapters 1 – 9, 12

19 Deadly Sins:
1. Chapter 1: Buffer overruns
2. Chapter 2: Format string problems
3. Chapter 3: Integer overflows
4. Chapter 4: SQL injection
5. Chapter 5: Command injection
6. Chapter 6: Failure to handle errors
7. Chapter 7: Cross-site scripting
8. Chapter 10: Improper use of SSL
9. Chapter 13: Information leakage
10. Chapter 14: Improper file access
11. Chapter 16: Race conditions
12. Chapter 19: Poor usability

Non-Textbook Reading

Jan Jürjens, Towards Development of Secure Systems using UMLsec, http://citeseer.ist.psu.edu/536233.html

Lodderstedt et al., SecureUML: A UML-Based Modeling Language for Model-Driven Security, http://citeseer.ist.psu.edu/lodderstedt02secureuml.html

Software reliability:

John C. Knight, Nancy G. Leveson, An Experimental Evaluation Of The Assumption Of Independence In Multi-Version Programming, http://citeseer.ist.psu.edu/knight86experimental.html

B. Littlewood, P. Popov, L. Strigini, "Modelling software design diversity - a review", ACM Computing Surveys, Vol. 33, No. 2, June 2001, pp. 177-208, http://portal.acm.org/citation.cfm?doid=384192.384195

Reading cont.