MPCS 56512 Application Security (Spring 2019)

Section 1
Instructor(s) Conner, William (wconner)
Location RY 276
Meeting Times Thursday 5:30pm - 8:30pm
Website: https://sites.google.com/site/wgconner2/appsec-sp19
Fulfills

Syllabus

Description

This course will introduce secure development practices for networked applications. Application vulnerabilities will be studied to motivate the mitigations presented in the course. Particular emphasis will be placed on UNIX systems programming in C, Web applications, and the OWASP Top Ten. Programming assignments will involve exploiting vulnerabilities and implementing defense mechanisms.


Topics

● Memory corruption

● Code injection

● Web vulnerabilities

● Authentication and authorization

● Session management

● Containment and isolation

● Cloud security

● Secrets management

● Threat modeling

● Code auditing, testing, and patching


Coursework

● Written homework assignments

● Programming projects

● Midterm and final exams


Textbook

There is no required textbook for this course, but The Art of Software Security Assessment (Volume 1) is recommended.

Course Prerequisites

Core Programming (required)

One of the following courses is required:
○ MPCS 56511: Introduction to Computer Security
○ MPCS 52553: Web Development

MPCS 52011: Introduction to Computer Systems (recommended, but not required)

Other Prerequisites

Familiarity with (or willingness to learn) the C programming language (required)
Familiarity with Java and/or Python (required)
Familiarity with the Linux command line (required)

Overlapping Classes

This class is scheduled at a time that conflicts with these other classes:

  • MPCS 55001-1 -- Algorithms
  • MPCS 53001-1 -- Databases
  • MPCS 52040-1 -- Distributed Systems