Secure software engineering teaching modules
Source: Information security curriculum development
Proceedings of the 3rd annual conference on Information security curriculum development
Kennesaw, Georgia
SESSION: Pedagogy
Pages: 19-23
Year of Publication: 2006
ISBN: 1-59593-437-5
Authors
James Walden, Northern Kentucky University, Highland Heights, KY
Charles E. Frank, Northern Kentucky University, Highland Heights, KY
Publisher
ACM, New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 10,   Downloads (12 Months): 146,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1231047.1231052

ABSTRACT

We are designing a course in secure software engineering that will teach students how to incorporate security throughout the software development lifecycle. The class will serve as a capstone for a new graduate certificate in secure software engineering. This paper describes the class goals, the design for the class, and the materials that we will develop to teach secure software engineering. We are creating ten modules to cover the core topics in software security. Each module will cover one or more class goals and will consist of both explanatory materials and assignments to give students the opportunity to apply what they have learned in a small context. The modules will be developed over the Summer and Fall of 2006, and the class will be first offered in Spring 2007. The class will also incorporate a team-based web development project that students will work on throughout the semester to gain experience applying security principles to a large-scale project.

