Course Modules for Software Security

Each year the reported number of security vulnerabilities increases as does the sophistication of attacks to exploit these vulnerabilities. Most security vulnerabilities are the result of insecure coding practices. There is a critical need to increase the security education of computer science students, particularly in software security. We are designing course modules, to be used at the undergraduate or graduate level, to integrate software system security into our computer science curriculum. The course modules we have developed, and are developing, include: operating system security, software security testing, code review, risk analysis, and database security. Each course module includes lecture materials, inclass demonstrations, and hands-on assignments. These course modules are designed to be integrated into existing courses. The software security testing and database security modules were taught at this university in the Fall 2007 semester and received positive feedback from student surveys and questionnaires. The other modules will be taught in the Spring 2008 semester. Future work will include the development of more topics in these modules and the creation of new modules in secure software development. Index terms – Secure Software Engineering, Risk Analysis, Code Review, Operating System Security, Database Security, Secure Software Testing