Software Security

Introduces students to the discipline of designing, developing, and testing secure and dependable software-based systems. Students will learn about risks and vulnerabilities, and effective software security techniques. Topics include common vulnerabilities, access control, information leakage, logging, usability, risk analysis, testing, design principles, security policies, and privacy. Project required.

Upon successful completion of this course, a student will be able to…

  • Describe common vulnerabilities and software weaknesses that affect security and privacy in software.
  • Assess the security risk of a system under development using a risk management framework.
  • Describe secure coding practices and techniques that can be incorporated into the security development lifecycle.
  • Document security requirements through functional requirements specifications and misuse/abuse cases.
  • Apply design principles (such as defense in depth, least privilege, and separation of privilege) when developing secure software.
  • Construct attack and defense trees to help analyze and address risks that exist in software.
  • Perform threat modeling when designing software to identify threats, document mitigation strategies, and validate that threats have been addressed.
  • Perform security testing, including fuzz testing and penetration testing.

Course Overview

Course Name: CSC 415 - Software Security
Semester: Spring 2025
Credits: 3
Format: In-person
Meeting Times: Monday and Wednesday 04:30 PM - 05:45 PM
Meeting Location: 2207 Engineering Building 3

Prof. Dr. Laurie Williams
Role: Instructor
Email: laurie_williams@csc.ncsu.edu
Office Hours: Thursday 8:30 - 9:30 Zoom
Virtual: [Zoom](https://ncsu.zoom.us/j/96301894343?pwd=Lb88lwrVKXctiTO9waZgPXqPtke1Lv.1)

Teaching Assistants

Nazuml Haque: mahaque4@ncsu.edu
Office Hours: Friday 2:00 - 3:00 [Zoom](https://ncsu.zoom.us/j/95758143964?pwd=Qsq4gEaeTJVyU6uCpbj1s4CS5JS17H.1)

Shanmukh Pawan Moparthi: smopart2@ncsu.edu
Office Hours: Tuesday 9:00 - 10:00 [Zoom](https://ncsu.zoom.us/j/97768595098?pwd=OsZsnslOEmvVaNaTuylOX4o4B4sOiV.1)

Course Objectives

Students will be exposed to the techniques needed for the practice of effective software security. By the end of the course, you should be able to do the following things:

  • Security risk management. Students will be able to assess the security risk of a system under development. Risk management will include the development of formal and informal misuse case and threat models. Risk management will also involve the utilization of security metrics.

  • Security testing. Students will be able to perform all types of security testing, including fuzz testing at each of these levels: white box, grey box, and black box/penetration testing.

  • Secure coding techniques. Students will understand secure coding practices to prevent common vulnerabilities from being injected into software.

  • Security requirements, validation, and verification. Students will be able to write security requirements (including privacy requirements), validate these requirements, and perform additional verification practices of static analysis and security inspection.