Secure Software Design and Programming: Class Materials by David A. Wheeler

Here are some of the materials (slides and book) from my “Secure Software Design and Programming” graduate course, SWE-681/ISA-681, that I have taught several times at George Mason University. If you’re interested in the topic, please consider joining us!

You can view “Secure Programming HOWTO”.

Brian Chess has posted errata for “Secure Programming with Static Analysis”.

Here are current versions of most of my in-class presentations, released as open content:

The presentations above that are hosted by me are released to the world under the Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license; be sure to credit me as “David A. Wheeler”. I do routinely update them.

I include a number of cartoons from XKCD, under the licensing conditions for XKCD, which state that, "... I'm also okay with people reprinting occasional comics (with clear attribution) in publications like books, blogs, newsletters, and presentations."

Again, you can view a copy of the class version of “Secure Programming for Linux and Unix HOWTO” online or as a downloadable PDF file. (Note that this is not necessarily the same version as the one posted on my secure programming front page.)

I talk about tools; here are some other people's short videos demonstrating some tools:

  1. Setting up OWASP ZAP (Zed Attack Proxy)
  2. Clang Static Analyzer - gzip (gr33kdude).

There's a topic paper in my class, and I have a number of formatting requirements for it.

Here are some templates that implement many of the formatting requirements; I suggest using them:

As with any formal paper, focus on setting the “paragraph type” of each paragraph correctly. If your paper is longer than a page, you should never directly touch the font name, font size, or similar properties of ordinary paragraphs (so-called "direct formatting"); you should only set those kinds of properties on paragraph types. Paragraph types are critical to writing papers efficiently, so you should know how to use them. If you're manually setting section numbers, or setting font names on a specific paragraph, you're doing it wrong.

If you are having trouble coming up with a topic, here's a list of some topics that might inspire you. Learning from Disaster might also inspire you (or discourage you!).

Other people have been glad they took this class. I received the “outstanding adjunct faculty” award from GMU’s Department of Computer Science on May 16, 2012, mainly for this class. One student got a raise, and many have said how rewarding it has been. This class takes a fair amount of time and effort... but I hope that you will find that it’s worth it.

Obviously, reading the slides is not the same as taking the class! I offer these slides to the public in case they are helpful.

The answer you seek is in the syllabus.

Feel free to look at my main webpage.