Stanford Advanced Computer Security

Writing Secure Code (XACS131)

Required Courses
Using Cryptography Correctly
Writing Secure Code
Security Protocols
Electives
Computer Security Management - Recent Threats, Trends & the Law
Emerging Threats and Defenses
Securing Web Applications
Web Security 2.0: AJAX, Mashups, and Social Networking
Special Elective
Software Security Foundations Certificate
At Stanford
Online
At Work
Course enroll
Learn and experience intermediate and advanced techniques that systems and applications programmers can use to write new code securely, as well as to find and mitigate vulnerabilities in existing code.

Case Study:

A company may have millions of lines of existing code, and tens of millions of dollars of investment in their business based on those lines of code. It is not reasonable to expect that the applications that those millions of lines of code support can be redesigned securely from scratch in a cost-effective fashion. In this course, in addition to covering threats to legacy code, we focus on discussing tools and techniques that can be used to secure large amounts of legacy code. Our case study will demonstrate how to use off-the-shelf tools to secure an existing, large enterprise application.

Lab - 15 minutes discussion followed by 1 hour of computer work

3L-1: Experiment with a buffer overflow attack.

Mounting attacks against code to concretely understand what code is up against when targeted by attackers.