Software Security, Dr. James Walden, Assistant Professor of Computer Science, Northern Kentucky University
The University of Toledo, Nitschke Hall Seminar Room (NI 1027)
Free
Hosted by IEEE Toledo chapter
Criminals make headlines every week by hacking web applications. The rapid growth of attacks over the last five years has shown us that traditional reactive security measures like firewalls or intrusion detection systems cannot protect application software. Software developers can no longer rely on the operations team to protect their software. To solve this problem, developers must take an active role in securing their applications, and to secure their applications, they need to learn about software security.
Software security is the study of creating software that functions correctly even when under attack. Software security doesn't focus on security features like authentication or cryptography. While such features are useful tools, most exploitable security vulnerabilities are software bugs like buffer overflows or cross-site scripting that can be found throughout the application. To produce secure software, security needs to be integrated into the software development lifecycle from requirements through quality assurance. This presentation will cover common software vulnerabilities along with the software security techniques, such as abuse cases and software-assisted code reviews, that are needed to produce software without such flaws.