

CmpE 296T
Software Security Technologies
Fall 2007
College of Engineering




Richard Sinn has been teaching in the Computer Engineering and Computer Science departments at San Jose State University since 1998. He also served as Adjunct Professor at University of Minnesota. In addition to his teaching career, Richard is the Security Architect at the Real Time Communication group at Yahoo! Inc. Prior to this, he held various senior positions at IBM, Oracle and different Silicon Valley startup companies. Richard is an inventor and has filed over ten invention disclosures (patents). He is also a frequent writer for various magazines and journals, and a frequent speaker at regional and national technology conferences.




ENGR 301


Class time:

Tuesday 7:30PM - 10:15PM (Student Lab Time after 9:00pm)



Class room:

Section 1

ENG 301


Initial creation.


Please consider how you set up your evaluation environments, be it homework, on-campus quizzes or exams, to minimize the chances of (and temptations to) cheating.

In particular:

During tests:

- Make sure there is plenty of space between students.

- Always proctor exams and tests, and preferably by sitting at the back of the room rather than at the front. Do not leave the testing room during the test. If you cannot proctor the class yourself, contact me and I will endeavor to find a proctor for you.

- If the test is closed-book, require all backpacks to be zipped shut, all PDAs, computers and phones to be handed in, and any access to either without explicit proctor permission should be an immediate F in the class.

For homework: We have started using on-line support systems to catch cheaters. So I would very strongly urge you:

- For code assignments: Run them all through MOSS

- For essays etc: Run them all through (SJSU has a site subscription, I have been told.)

- Make sure individual contributions are ensured in team projects. This can be done through various means: Sign-offs, quizzes on the content of common work, etc.

Remember: A grade reflects an evaluation of the individual student's achievements. Your evaluation system has to reflect that objective.


Course Information


This will be one of the most useful classes you will ever take in software engineering. Come and learn the essentials of software security technologies.

Providing the perfect blend of basic security theory and practical software security programming, Software Security Technologies offers a valuable introduction to the field of software security. Divided into three parts, this comprehensive class encourages students to master their security skills by building on the basics. The first section of the class is devoted to the fundamental security theories that govern common software security technical issues. Coverage then progresses to the practical programming material that teaches students how to implement security solutions using the most popular software packages. Using these theories and programming practices as a foundation, the class concludes with a section on security in practice, demonstrating how the conceptual and practical material covered in the first two sections is applied in real-world scenarios. All of these topics are also explained in the textbook (Software Security Technologies: A Programmatic Approach) written by the instructor, using a straightforward approach so that students can grasp the information quickly and easily, gaining the confidence they need to further develop their skills in software security technologies.


Course materials feature:



Apart from big term project(s) and presentation, there are homework assignments, a mid-term exam and a final exam. Some exams might be take-home. The weightings for grading are: Term Project(s) 40%, Homework 20%, Midterm 10%, Final Exam 10%, Team Research Presentation 10%, and Term Presentation 10%.

No Late Assignment Submission



Class Material

Required Textbook

(Original book by the instructor)





Pick one of the references for the term paper. Please spend the time to read and actually research (and program) the topic. The class expects a high quality research paper, not some collection of combined internet web pages ...


Full Reference List is here




The following are the (subset of) topics that will be covered:

Part I - Security Theories and Concepts

Aug 28, 2007 - Tuesday

  • Class introduction
  • Chapter 1 - Introduction to Security Concepts


Sept 4, 2007 - Tuesday

  • Chapter 2 - Software Engineering and Security


Sept 11, 2007 - Tuesday

  • Chapter 3 - Essential PKI
  • Finding Security Bugs


Sept 18, 2007 - Tuesday

  • Chapter 4 - Trust and Threat Model


Part II - Security Programming

Sept 25, 2007 - Tuesday

  • Chapter 5 - Java Programming Security


Oct 2, 2007 - Tuesday


Oct 9, 2007 - Tuesday

  • Chapter 7 - Authentication and Authorization with Java


Oct 16, 2007 - Tuesday

  • Mid-Term


Oct 23, 2007 - Tuesday

  • Join up the group to keep in touch for jobs, info, etc.
  • Chapter 7 - Authentication and Authorization with Java
  • HW1 Due
  • HW2 Individual homework. Due next week.
  • Team Presentation Information


Oct 30, 2007 - Tuesday

  • Chapter 8 - Secure Programming with C and OpenSSL
  • HW2 Due


Nov 6, 2007 - Tuesday

  • Chapter 9 - Secure Programming with Perl


Part III - Security in Practice

Nov 13, 2007 - Tuesday

  • Chapter 10 - Identity Management
  • HW3 is here


Nov 20, 2007 - Tuesday

  • Chapter 11 - Security Topics


Final and Presentation

Nov 27, 2007 - Tuesday

  • HW3 Due
  • Term Presentation + Paper Due
  • Presentation schedule is here. Team is assigned, topics are assigned.
  • Topic: OpenID and IdM, Team: Bedi,Prantap Cai,Fangli (Report, Preso)
  • Topic: Spam and Anti-Spam, Team: Desai,Aditi Sudhir Haider,Yousuf Syed (Report, Preso)
  • Topic: Virus and Anti-Virus, Team: Karki,Kiran Malik,Muzaffar H (Report, Preso)
  • Topic: Shellcode Development, Team: Murudkar,Pallavi S Oloyede,Olufemi A (Report, Preso)
  • Topic: Code Disassembly Techniques, Team: Quiaot,Julius Quinoveva Ranavat,Himanshu Hira (Report, Preso)
  • Topic: Implementation of RFID, Team: Ryu,Sangbeom Sharma,Sankate (Report, Preso)
  • Topic: Mobile Devices Security, Team: Talawat,Tanakom Tsay,Elbert H (Report, Preso)
  • Topic: Business Continuity and Disaster Recovery Planning, Team: Uniyal,Smita Yang,Li (Report, Preso)
  • Topic: XSS, Team: Bridygham,Alexander Richard (Solo, it is an odd number)(Report, Preso)


Dec 4, 2007 - Tuesday

  • Final Exam



Team Research Presentation

Each team will be given a topic to research and present during the semester. The team needs to prepare the following:



Email to check your grade if necessary.


General Policy

The university and departmental policies and deadlines for course drop will be applied. Makeup exams cannot be offered, except under exceptional conditions, such as documented serious illness/accident, etc., and only at the professor's discretion.

Each student is responsible for his/her individual assignment, and must not copy anyone else's work. Students who borrow solutions from others will find themselves unable to pass the course. The minimum penalty for every student involved in the duplication of individual assignments or exams will be receiving a zero score on the submitted work.

For group projects, all the work has to be done by your OWN group. Do not try to download "free code" from the Internet and hand it in as a project. WE WILL FIND OUT. Do not share your work with others. So DO YOUR OWN WORK and EARN your grade.


Related Links

  • Past Class Grading and Info
  • Software Engineering Institute
  • Special Interest Group on Software Engineering (SIGSOFT)
  • IBM San Francisco Project
  • Object Management Group
  • Rational Software Corporation
  • Richard's Recent Articles

