Secure Programming Educational Material

This is the third reincarnation of a secure programming class I taught at Purdue, re-designed thanks to support from Symantec Corporation.

The class originated as an optional class associated with an operating systems class taught on UNIX (CS 354). It has now been split into three classes. Each is designed to take 2.5 days or 5 half-days total. In a university setting, instructors should mix and match material from the three courses to meet the required work according to the number of credits of their class. As an example, a 1 credit class could comprise the slides on shells and environments from course 1, and all of course 2 materials.
I spent several months in spring 2004 working with Symantec engineers to design this new version of the class. It uses a different teaching style. Instead of keeping students passive in class and then giving them long lab assignments, we have shorter programming exercises and discussions interspersed throughout the lectures, with longer classes. In essence, the lectures and labs have become intermingled. This is a much more dynamic and interesting format for the students because it engages them, and allows me to cover more variations on different issues. It requires more work on the part of the instructor, but the students benefit.

Course Descriptions
List of files (some files available only to instructors)
Class 1
Class 2
Class 3

For course 1, students require access to a web browser, an internet connection and a PDF document reader.
For course 2, students require access to:
For course 3, a copy of the Knoppix-std (security tools distribution) CD and a computer able to boot from it are required to use the lab exercises as written. A Windows machine was used as a vulnerability scan target to show the surprising quantity of information that can be extracted from an unsecured host, even if all the patches had been applied. The material itself tries to address both UNIX and Windows environments.

I welcome notes, comments, suggestions, or modified slides.

Regards,
Pascal Meunier, Ph.D., M.Sc., CISSP
Purdue University CERIAS

Terms

You are free to copy, distribute, display, and perform the work; and to make derivative works, under the following conditions. Copyright (2004) Purdue Research Foundation. All rights reserved.

Developed thanks to the support of Symantec Corporation,
NSF SFS Capacity Building Program (Award Number 0113725) and the Purdue e-Enterprise Center
Contributors:
Jennifer Richardson, Jared Robinson, Alan Krassowski, Craig Ozancin, Tim Brown, Wes Higaki, Melissa Dark, Chris Clifton, Gustavo Rodriguez-Rivera
Thanks to Michael Howard for reviewing several sets of slides!

CERIAS, Purdue University / Recitation Building / 656 Oval Drive / West Lafayette IN 47907-2039
phone (800)494-4419 / fax (765)496-3181
