Last updated: May 01, 24 18:34 UTC | Permalink
15 - Security
Learning Objectives:
By the end of this module, you should be able to:
- Define key terms relating to software/system security
- Describe some of the tradeoffs between security and other requirements in software engineering
- Explain 5 common vulnerabilities in web applications and similar software systems, and describe some common mitigations for each of them.
- Explain why software alone isn’t enough to assure security
Lecture Slides:
- Software Engineering + Security Slides PDF, PPT
Resources:
- “OWASP Top 10 Web Security Risks”
- Try the XSS example on the transcript server (Try it in Edge!) This link might be annoying, but is not malicious.
- A good video on public and private keys
- Report on the eslint 2018 Attack
- “Reflections on Trusting Trust” (1984)
- “Running the “Reflections on Trusting Trust” Compiler” (2023)
- “What are Weak Links in the npm Supply Chain?”
- “Why secret detection tools are not enough: It’s not just about false positives - An industrial case study”
- “A comparative study of vulnerability reporting by software composition analysis tools”
- “Practical Automated Detection of Malicious npm Packages”
- Podcast on SolarWinds attack
- Security awareness/training activity: OWASP Juice Shop, online demo