Learning Objectives:

In this module, you will learn to:

• Describe that security is a spectrum, and be able to define a realistic threat model for a given system
• Evaluate the tradeoffs between security and costs in software engineering
• Recognize the causes of and common mitigations for common vulnerabilities in web applications
• Utilize static analysis tools to identify common weaknesses in code

Lecture Slides:

• Software Engineering and Security Slides PDF, PPT

For Further Reading

• XSS on transcript server
• “What are Weak Links in the npm Supply Chain?”
• “Why secret detection tools are not enough: It’s not just about false positives - An industrial case study”
• “A comparative study of vulnerability reporting by software composition analysis tools”
• “Practical Automated Detection of Malicious npm Packages”
• HashiCorp Vault
• “OWASP Top 10 Web Security Risks”
• Software supply-chain vulnerabilities: ESLint 2018 attack, Podcast on SolarWinds attack
• Security awareness/training activity: OWASP Juice Shop, online demo