
Secure Software

Marco Vieira, mvieira@dei.uc.pt


Nuno Antunes, nmsa@dei.uc.pt

# Date Class Readings before Class

1.1 20/10/2022 Course Introduction; Security Concepts & Secure Software Fundamentals

1.2 21/10/2022 Software Vulnerabilities; OWASP Top 10
* Before Class: OWASP Top 10 2021, The OWASP Foundation, 2021, https://owasp.org/Top10/

1.3 24/10/2022 Vulnerability detection: Overview and white-box
* Before Class: Michael Fagan, “Reviews and Inspections”, SD&M Conference: Software Pioneers, 2002.
* Before Class: Alexandre Braga, Ricardo Dahab, Nuno Antunes, Nuno Laranjeiro, Marco Vieira, “Practical Evaluation of Static Analysis Tools for Cryptography: Benchmarking Method and Case Study”, ISSRE 2017, 217.

1.4 25/10/2022 Lab Only: Setup for Assignment and exercises
* Before Class: OWASP, OWASP Web Security Testing Guide, Version 4.2, 2020, Chapter 2.

* Test setup
1.5 26/10/2022 Vulnerability detection: Black-box
* Before Class: José Fonseca, Nuno Seixas, Marco Vieira, Henrique Madeira, “Analysis of Field Data on Web Security Vulnerabilities”, IEEE Transactions on Dependable and Secure Computing. 11(2): 89-100, 2014.

# Date Class Readings before Class

2.1 29/11/2022 Engineering Security Requirements
* Before Class: Security Quality Requirements Engineering (SQUARE) Methodology
* Before Class: A comparison of security requirements engineering methods
* Before Class: Security Requirements Engineering

2.2 30/11/2022 Architecting and Designing Secure Software
* Before Class: Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
* Before Class: The Architecture Centric Development Method

2.3 01/12/2022 Secure Coding Practices
* Before Class: OWASP, “OWASP Secure Coding Practices – Quick Reference Guide v2.0”, The OWASP Foundation, 2010.

2.4 02/12/2022 Runtime Perspective: Attack Detection and Mitigation
* Before Class: A. Milenkoski, M. Vieira, S. Kounev, A. Avritzer, B. D. Payne, “Evaluating Computer Intrusion Detection Systems: A Survey of Common Practices”, ACM Computing Surveys (CSUR), Vol. 48, ACM, 2015.
* Before Class: OWASP, “Intrusion Detection”, https://owasp.org/www-community/controls/Intrusion_Detection
* Robert Mitchell, Ing-Ray Chen, "A Survey of Intrusion Detection Techniques for Cyber-Physical Systems"

2.5 03/12/2022 Lab Only: Starting the Assignment

Date Assessment Topics

EN 13/12/2022 Regular Exam
For all students.
Topics from the material of the 10 classes.

(to be clarified in the meantime)

ER tbd Resit Exam
Only for students entitled to a resit under the UniCV rules.
Topics from the material of the 10 classes.

EP tbd Practical Exam
Only for those who did not submit the practical assignment.
Topics from the two practical assignments.
