CIS 4615 unit -*- Outline -*-

* Introductory Material about the course.
** introduction what the course is about
* Overview and Background
** background the business, the threat landscape, threat modeling
** specification overview of specification techniques
*** common-criteria of security and assurance, specification of security functional requirements
*** umlsec the security extension to UML
* Secure Implementation mainly drawn from 24 Deadly Sins of Software Security
** secure-web sins related to web design and coding
** secure-code sins related to app implementation (esp. in C and C++)
** secure-crypto sins related to cryptography
** secure-networking sins related to networking
* Analysis for Security
** analysis-overview static vs. dynamic analysis, advantages and disadvantages, limits
** static-analysis of source code for vulnerabilities
** dynamic-analysis of source code for vulnerabilities
* Reverse Engineering
** reversing-overview goals, static vs. dynamic approaches, setting up an environment
** static-reversing of binary code to understand functionality
** dynamic-reversing of binary code to understand functionality
* summary-review