Secure Programming (CIS-3720) Home Page

This is the home page for Peter Chapin's Secure Programming course notes for the Fall 2019 semester. Here you will find electronic versions of class handouts, homework assignments, lecture slides, and links to other references of interest. If you are a student taking Secure Programming you should bookmark this page.

Lecture Topics

Lectures will be done over Zoom at URL You do not need a Zoom account to participate. The list below shows the topics covered in each lecture. You can use this information to guide your study or to get an idea about what was covered in any missed lectures. All lectures will be recorded with links to the recordings added to the list below. It may take up to one business day for the link to appear. If no link appears after that, don't hesitate to contact me.



  1. Homework #1. Development Tools Due: 2019-09-05.
  2. Homework #2. Input Validation Due: 2019-09-19
  3. Homework #3. Analysis Tools Due: 2019-10-04
  4. Homework #4. Obscura Due: 2019-11-08
  5. Homework #5. Access Control Lists Due: 2019-12-06


  1. This sample shows how one can do some basic input validation for integer inputs.
  2. Another input validation example using GPS coordinates. Java: (,, C++: (GPS.hpp, GPS.cpp)
  3. The file is a Perl script that illustrates the operation of taint mode. Create a file iHello.txt in your working folder containing a few lines of text, and run the script both without and with the -T command line option. Enter a base file name of Hello.txt into the program. Does it create the output file oHello.txt?
  4. The archive contains an Ada/SPARK package that implements fixed length character buffers. It demonstrates some of the features that protect Ada programs from security vulnerabilities.
  5. This sample illustrates the basics of doing simple encryption and decryption with the javax.crypto API.
  6. The Obscura GitHub site. This program is a Java implementation of the OpenPGP standard.
  7. A zip archive of a stack smashing program that illustrates one way of executing a buffer overflow attack. Aleph One's original paper Smashing the Stack for Fun and Profit is also a good read (comfort with assembly language required).
  8. acl_demo.c. This sample shows how to read POSIX access control lists.
  9. webclient.c. This sample shows how to send a basic GET request to a web server without any encryption being used.
  10. webclient-TLS.c. This sample is similar in effect to the previous space except that it uses the OpenSSL library to create a TLS connection with the server.



Last Revised: 2019-12-30
© Copyright 2019 by Peter C. Chapin <>