CYS632 Secure Software Development

[3–0, 3 cr.]

This course focuses on the variety of elements needed to address and implement secure software acquisition and development throughout the software development life cycle (SDLC). The course addresses people, technology, tools, and processes to design and develop consistently secure applications from start to finish. Additionally, it underscores the importance and value of the Defense-in-Depth principle across the entire SDLC. Topics covered include security in requirements engineering; secure designs; risk analysis; the SQUARE process model; threat modeling; defensive coding; fuzzing; static analysis and security assessment; memory leaks, buffer and heap overflow attacks, and injection attacks.  The course also introduces techniques to adapt common security activities to modern software development practices such as Agile and DevSecOps.