Last updated: Dec 08, 22 20:13 UTC | Permalink
15 - Security
Learning Objectives:
In this module, you will learn to:
- Describe that security is a spectrum, and be able to define a realistic threat model for a given system
- Evaluate the tradeoffs between security and costs in software engineering
- Recognize the causes of and common mitigations for common vulnerabilities in web applications
- Utilize static analysis tools to identify common weaknesses in code
Lecture Slides:
- Software Engineering and Security Slides PDF, PPT
For Further Reading
- XSS on transcript server
- “What are Weak Links in the npm Supply Chain?”
- “Why secret detection tools are not enough: It’s not just about false positives - An industrial case study”
- “A comparative study of vulnerability reporting by software composition analysis tools”
- “Practical Automated Detection of Malicious npm Packages”
- HashiCorp Vault
- “OWASP Top 10 Web Security Risks”
- Software supply-chain vulnerabilities: ESLint 2018 attack, Podcast on SolarWinds attack
- Security awareness/training activity: OWASP Juice Shop, online demo