
TDDC90 Software Security (6 ECTS)

HT2


Literature - Mandatory

The literature for this course is a collection of papers. Some papers may be accessible only via the university library's website. All papers listed below and the lecture notes are mandatory reading for the exam. There is also a separate list of additional material to give you a deeper understanding of the topics (not required for the exam).

Lecture 1: Introduction

      D. Wheeler. Secure Programmer: Developing Secure Programs

Lecture 2: Secure software development and secure design

      G. Sindre, A. Opdahl. Capturing Security Requirements through Misuse Cases
      L. Röstad. An extended misuse case notation: Including vulnerabilities and the insider threat. In Proceedings of the 12th Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ'06), 2006.
      F. den Braber, I. Hogganvik, M. S. Lund, K. Stölen, F. Vraasen. Model-based security analysis in seven steps - a guided tour to the CORAS method. Springer. BT Technology Journal, pp 101-117, 2007.
      B. Schneier. Attack trees: modeling security threats. Dr.Dobb's Journal, December 1999.
      Microsoft. Simplified Implementation of the Microsoft SDL. November 2010.
      C. Dougherty, K. Sayre, R. C. Seacord, D. Svoboda, K. Tagashi. Secure Design Patterns. Technical Report CMU/SEI-2009-TR-010.

Lectures 3 and 4: Vulnerabilities, exploits and prevention

We are mainly concerned with the principles. Note that some of the required papers may cover attacks on protection mechanisms. You will be expected to understand both the principles of the protection mechanisms and the principles of the attack.

      J. Pincus, B. Baker. Beyond stack smashing: recent advances in exploiting buffer overruns. IEEE Security & Privacy. 2004.
      blexim. Basic Integer Overflows
      D. Wheeler. Secure Programmer: Prevent Race Conditions
      A. I. Sotirov. Automatic Vulnerability Detection Using Static Source Code Analysis. Master's Thesis, University of Alabama, 2005. Read chapters 1-3 only.
      S. Alexander. Defeating compiler-level buffer overflow protection. ;login:, June 2005.
      D. Wheeler. Secure Programmer: Validating Input
      D. Wheeler. Secure Programmer: Keep an Eye on Inputs

For the following CWE definitions of vulnerabilities, read and understand the Description, code examples, and Potential Mitigations for the Implementation phase. (Note that "mitigations" is used here with a different, broader meaning than in the lectures.)

      CWE-120
      CWE-121
      CWE-122
      CWE-415
      CWE-416
      CWE-190

Lecture 5: Web security

       OWASP Top 10 2021. Read each entry under "Top 10:2021 List" (A01-A10).
       Testing for brute force (OWASP-AT-004) (excluding parts about the HTTP protocol)
       OWASP - Command injection
       OWASP - Cross-Site Request Forgery (CSRF)
       OWASP - Cross-Site Request Forgery - Prevention Cheat Sheet
       OWASP - Cross-Site Scripting (XSS)
       OWASP - XSS Prevention Cheat Sheet
       OWASP - SQL Injection
       OWASP - XXE

Lecture 6: Software engineering reviews

There is no mandatory reading for this lecture, except for the slides, but we recommend that you read the additional material on code inspections before this lecture.

Lectures 7 and 8: Static analysis

There is no mandatory reading for these lectures, except for the slides.

Lecture 9: Security testing

      P. Oehlert. Violating assumptions with fuzz testing. IEEE Security & Privacy, 2005.
      P. Godefroid, M. Y. Levin, and D. Molnar. SAGE: Whitebox Fuzzing for Security Testing. ACM. Queue 10, 1. 2012.

Page responsible: Ulf Kargén
Last updated: 2023-10-29