Last updated: Nov 15, 24 04:26 UTC | Permalink

15 - Security

Learning Objectives:

By the end of this module, you should be able to:

• Define key terms relating to software/system security
• Describe some of the tradeoffs between security and other requirements in software engineering
• Explain 5 common vulnerabilities in web applications and similar software systems, and describe some common mitigations for each of them.
• Explain why software alone isn’t enough to assure security

Lecture Slides:

• Software Engineering + Security Slides PDF, PPT

Resources:

• “OWASP Top 10 Web Security Risks”
• Try the XSS example on the transcript server (Try it in Edge!) This link might be annoying, but is not malicious.
• “Bypassing Airport Security via SQL Injection”
• A good video on public and private keys
• Report on the eslint 2018 Attack
• “Reflections on Trusting Trust” (1984)
• “Running the “Reflections on Trusting Trust” Compiler” (2023)
• “What are Weak Links in the npm Supply Chain?”
• “Why secret detection tools are not enough: It’s not just about false positives - An industrial case study”
• “A comparative study of vulnerability reporting by software composition analysis tools”
• “Practical Automated Detection of Malicious npm Packages”
• Podcast on SolarWinds attack
• Security awareness/training activity: OWASP Juice Shop, online demo