CS661 Software Information Assurance

Attacks on enterprise level systems can be focused on many targets. Some of the targets, such as WEB servers are at the perimeter of the network. Others occur at the applications running on various operating systems. This course examines vulnerabilities caused by both scripting errors or poor scripting techniques on WEB based applications. Further, vulnerabilities created in custom developed applications written in high level programming languages are examined. SQL problems and architecture design flaws in relational database systems that contribute to vulnerabilities are also analyzed. A whole new set of intrusion risks present themselves with the newer emerging media and application environments such as cloud computing, social media venues, and mobile computing. Students will also conduct research into these areas. The need for security driven life cycle development models and security standards for programming and scripting languages are presented.