Software Security #
Introduces students to the discipline of designing, developing, and testing secure and dependable software-based systems. Students will learn about risks and vulnerabilities, and effective software security techniques. Topics include common vulnerabilities, access control, information leakage, logging, usability, risk analysis, testing, design principles, security policies, and privacy. Project required.
Upon successful completion of this course, a student will be able to…
- Describe common vulnerabilities and software weaknesses that affect security and privacy in software.
- Assess the security risk of a system under development using a risk management framework.
- Describe secure coding practices and techniques that can be incorporated into the security development lifecycle.
- Document security requirements through functional requirements specifications and misuse/abuse cases.
- Apply design principles (such as defense in depth, least privilege, and separation of privilege) when developing secure software.
- Construct attack and defense trees to help analyze and address risks that exist in software.
- Perform threat modeling when designing software to identify threats, document mitigation strategies, and validate that threats have been addressed.
- Perform security testing, including fuzz testing and penetration testing.
Course Overview #
| Course Name | CSC 515 - Software Security |
| Semester | Fall 2025 |
| Credits | 3 |
| Format | In-person (001); Virtual (601) |
| Meeting Times | 10:15 AM - 11:30 AM (001) |
| Meeting Location | 2207 Engineering Building 3 |
| Role | Instructor |
| laurie_williams@csc.ncsu.edu | |
| Office Hours | Thurs 8:30-9:30 |
| Virtual | [Zoom] (https://ncsu.zoom.us/j/96301894343?pwd=Lb88lwrVKXctiTO9waZgPXqPtke1Lv.1) |
| Virgil English | kvenglis@ncsu.edu |
| Office Hours: Tues 11-12 | EB2 Room 2240 |
| Ummay Kulsum | ukulsum@ncsu.edu |
| Office Hours: Mon 3:30-4:30 | [Zoom] (https://ncsu.zoom.us/j/92648626748?pwd=zE4iyUiRx4cE9cR1BdY83xkfToXwmg.1) |
Course Objectives #
Students will be exposed to the techniques needed for the practice of effective software security techniques. By the end of the course, you should be able to do the following things:
Security risk management. Students will be able to assess the security risk of a system under development. Risk management will include the development of formal and informal misuse case and threat models. Risk management will also involve the utilization of security metrics.
Security testing. Students will be able to perform all types of security testing, including fuzz testing at each of these levels: white box, grey box, and black box/penetration testing.
Secure coding techniques. Students will understand secure coding practices to prevent common vulnerabilities from being injected into software.
Security requirements, validation and verification. Students will be able to write security requirements (which include privacy requirements). They will be able to validate these requirements and to perform additional verification practices of static analysis and security inspection.