Secure Coding Project

The goal of my project is to provide course modules such as presentation slides, case studies and references that instructors can use to develop curriculum around security in computing systems. This can provide a good starting point for instructors to familiarize themselves with security topics and also to adopt them in their teaching. Malicious users exploit, take advantage of vulnerable systems causing economic damages. Security education can address this issue by ensuring that tomorrow's workforce adopts secure coding practices early on in their life. When building a product, security should not be an afterthought instead this should be built right into the product. Few security vulnerability modules related to the coding phase were already developed in my project, my task was to research other phases of Software Development Lifecycle (SDLC) and develop similar modules in an iterative way. My goals for doing this project were:

  • Develop new modules targeting all areas of SDLC life cycle using academic literature and research.
  • To demonstrate good analytical and problem solving skills.
  • Identify good practices related to the project and evaluate appropriate ones to disseminate.
  • Integrating security concepts and advanced methods with tools
  • Refining inter-personal and project management skills

Overview of materials designed for one module consisting of slides, assignment and references
Figure 1: Overview of materials designed for one module consisting of slides, assignment and references.

With the help of my advisor I picked topics such as Secure Development, Static analysis, Fuzz testing and designed lecture slides, case studies/assignments, code examples using security tools and list of references for each of them. I have prepared roughly 45 – 50 slides for each module covering basic terms and concepts, tools and references to original materials. For the case studies, I came up with code examples/data flow diagrams where simple security tools such as SDL Threat modeling tool, FxCop, SDL Regex Fuzzer could be used. It was highly educational working on these modules and the valuable knowledge gained from my project will definitely help me in my career.

Back to top

Project Info

Sangeetha Venkataraman

Student
Sangeetha Venkataraman

Faculty Advisor
Mark Kochanski

Project Link
Security Teaching