sse-intro

Introduction

Lecture 1 - Course Overview & Introduction

• Software Engineering = A systematic approach to develop software.
  • Ideation
  • Requirements
  • Design
  • Development
  • Testing
  • Deployment
  • Maintenance

Differences

• Compared to Civil Engineering, Software Engineering is iterative and agile.
• Compared to Hardware, Softwares do not ware out.
• Compared to Program, Softwares are beyond just the executables: documentations, source code, infrastructures,…
• Software is extremely complex!

Security

> Software security is the idea of engineering software so that it

continues to function correctly under malicious attack.

• Be proactive, address the issues early in the life cycle.

Concepts

• Vulnerability

  • Caused by Bug during the implementation
  • Caused by Design Flaw — usually in the security features.

• Exploit = the action of exploiting the vulnerabilities

• Threat = actor or agent that is a source of danger; or, a class of exploits.

• CIA Triad = Confidentiality + Integrity + Availability

Goals

• Identification & Authentification
• Accountability (Non-repudiation) = who is doing what can be traced
• Privacy

Databases

“Weakness” is the Class, while “Vulnerability” is the Object.

• National Vulnerability Database
  • CVE ID = Common Vulnerability Exposure
• Common Weakness Enumeration
  • CWE ID
• CVSS - Common Vulnerability Scoring System