Course Summary

An introduction to the state of the art of software-security research. This course surveys common software vulnerabilities, including buffer overflows, format string attacks, cross-site scripting, and botnets. The course also discusses common defense mechanisms, including static code analysis, reference monitors, language-based security, secure information flow, and others.

Coursework consists of short programming assignments and paper critiques, a midterm exam, and a final project. The graduate version differs from the undergraduate version by requiring advanced assignments and projects.

Course Objectives

The goal of this course is twofold: First, on completing the course, students will understand the common software-security vulnerabilities and basic counter-measures. Second, students interested in software-security research will be sufficiently prepared to carry out research on the topics covered.

Prerequisites

  • CSE 109: Systems Programming
  • CSE 262: Programming Languages


No textbook required for this course.


Instructor: Gang Tan; Packard Lab 329

Email: gtan AT cse DOT lehigh DOT edu

Office hours: Wed 1:30-3pm or by appointment

System admin: Bryan Hodgson. hodgson AT cse DOT lehigh DOT edu

Course syllabus

See the PDF file

Time and location

TTh 2:35-3:50pm; PA 466