Proposed Syllabus
ENPM808K: Secure Software Testing and Construction
Fall Semester 2015
Instructor: Dharmalingam Ganesan, PhD
Office: Fraunhofer Center, 5825 University Research Court (Suite 1300), College Park
Contact: 240 487 2915, [email protected]
Class hours: W, 7:00pm ‐ 9:40pm
Class location: JMP 2120 (DETS)
Course Description:
This course teaches the fundamentals of software testing from the viewpoint of security. An
in-depth discussion of various security testing methods, tools, and vulnerabilities will be
taught, with hands-on demos of the concepts during class. Students will learn how to perform
penetration testing in a practical way using well-established tools such as Kali Linux. The
course will cover different types of systems, including web-based systems and some
internals of OS kernel software testing and exploitation. The course will also teach software
design patterns for building security in during the architectural phase of the lifecycle.
Course Prerequisite: Equivalent of ENPM 691
Students taking this course should have prior knowledge of programming. In particular, this
course assumes that the students are familiar with basic programming constructs as well as
basic assembly language constructs.
Learning Outcome:
• Understand the fundamentals of security testing of software-based systems.
• Perform types of security attacks (e.g. DLL hijacking, Man-in-the-middle, etc.).
• Perform static or dynamic analysis of source code from the viewpoint of security.
• Perform security scanning of devices using freely available software.
• Understand software design patterns for security.
Reading Materials:
We will cover selected chapters from each of the following books. In addition, we may refer
to several online materials (e.g., papers, blogs, presentations, videos). Students need not
buy the books. Lecture slides and other publicly available resources should be good enough
for exams.
• Michael Sutton, Adam Greene, Pedram Amini. Fuzzing: Brute Force Vulnerability Discovery.
• Tedi Heriyanto, Lee Allen, Shakeel Ali. Kali Linux: Assuring Security By Penetration Testing.
Grading:
The tentative final grade breakdown is as follows:
Quiz: 10%
Homework: 15%
Mid-term: 20%
Presentation: 25%
Final Exam: 30%
There will be one quiz, one mid-term, and a final exam. Students will be given at
most three homework assignment sheets. In addition, students are expected to give
a group presentation of a project directly related to this course. Online students who
are unable to make a presentation via Skype (or other equivalent) will have to write
a project report in addition to slides.
It is the student's responsibility to inform the instructor of any intended absences for
religious observances in advance. Notice should be provided as soon as possible but
no later than the end of the schedule adjustment period.
Academic Integrity: The University's Code of Academic Integrity is designed to
ensure that the principle of academic honesty is upheld. All students are expected to
adhere to this Code. All acts of academic dishonesty will be dealt with in accordance
with the provisions of this code. Please visit the following website for more
information on the University's Code of Academic Integrity:
http://www.studenthonorcouncil.umd.edu/code.html
Honor Pledge: All assignments and exams for this course are governed by the
Honor Pledge: “I pledge on my honor that I have not given or received any
unauthorized assistance on this exam/assignment.”
Tentative Syllabus:
Week 1: Introduction. A brief tour of the course. Setting up the testing environment - Kali Linux Overview
Week 2: Static Analysis for Security
Week 3: Security Testing of Web-based Systems
Week 4: Quiz (1 hour). OS Kernel Security and Exploitation
Week 5: Architecture/Design Analysis for Security. Attack Patterns
Week 6: Dynamic Analysis for Security – Part 1
Week 7: Mid-term. Dynamic Analysis for Security Bugs – Part 2
Week 8: Fuzz Testing
Week 9: Security Testing and Analysis for Regulatory Compliance and Standards
Week 10: Assessing Enterprise Security Risks using Vulnerability Scanners
Week 11: Password Analysis and Testing
Week 12: Design Patterns for Security
Week 13: Security Testing of Network Protocols
Week 14: Project Presentations by students (30 min per group)
Week 15: Final Exam (2 hours)
Please note that the instructor may refine and/or exclude certain content if deemed
necessary; thus, the order of the weekly content might change during the course.
Computing Requirements:
During the class, the instructor will use Kali Linux on a 32-bit machine. However,
occasionally a 64-bit version will also be used to demonstrate some concepts and to show
differences from 32-bit representations. Kali Linux is selected because it comes with more
than 400 security testing tools.
Code of Academic Integrity
The University of Maryland, College Park has a nationally recognized Code of Academic
Integrity, administered by the Student Honor Council. This Code sets standards for
academic integrity at Maryland for all undergraduate and graduate students. As a student
you are responsible for upholding these standards for this course. It is very important for
you to be aware of the consequences of cheating, fabrication, facilitation, and plagiarism.
For more information on the Code of Academic Integrity of the Student Honor Council,
please visit http://shc.umd.edu/SHC/HonorPledgeInformation.aspx.