Application Security

Title Application Security (56512)
Quarter Spring 2019
Instructor William Conner (wconner@cs.uchicago.edu)
Website

https://sites.google.com/site/wgconner2/appsec-sp19
Syllabus

Description

This course will introduce secure development practices for networked applications. Application

vulnerabilities will be studied to motivate the mitigations presented in the course. Particular

emphasis will be placed on UNIX systems programming in C, Web applications, and the OWASP Top Ten. Programming

assignments will involve exploiting vulnerabilities and implementing defense mechanisms.


Topics

● Memory corruption

● Code injection

● Web vulnerabilities

● Authentication and authorization

● Session management

● Containment and isolation

● Cloud security

● Secrets management

● Threat modeling

● Code auditing, testing, and patching


Coursework

● Written homework assignments

● Programming projects

● Midterm and final exams


Textbook

There is no required textbook for this course, but The Art of Software Security Assessment (Volume 1) is recommended.
Prerequisites (Courses)

Core Programming (required)

One of the following courses is required:
○ MPCS 56511: Introduction to Computer Security
○ MPCS 52553: Web Development

MPCS 52011: Introduction to Computer Systems (recommended, but not required)
Prerequisites (Other)

Familiarity with (or willingness to learn) the C programming language (required)
Familiarity with Java and/or Python (required)
Familiarity with the Linux command line (required)
Satisfies

Elective
Time

Thursday 5:30-8:30PM

Location

RY 276