Main Content

CprE 562x – Secure Software Engineering

Catalog Listing:

Fundamentals and techniques to design and implement software systems. Assessment of security vulnerabilities in software systems, exploitation of software vulnerabilities, and methods to secure vulnerable software. Secure coding practices, data analytics for security, microservices and cloud services security. Reverse engineering and security assessment of cyber-physical systems. 3 credits.

Learning Outcomes

  1. Assess the security in vulnerable software systems
  2. Exploit software vulnerabilities
  3. Apply methods to secure vulnerable software
  4. Apply best practices in secure software development
  5. Build effective cryptographic-based functionalities and assess their vulnerabilities
  6. Assess security implications for emerging software technologies

Course goals:

The goal of the course is to provide students, as future software developers, with the knowledge and first-hand experience they need to develop secure software. The students will get familiar with exploiting software vulnerabilities, experiment with the techniques to design secure software and to ensure the security of developed software. In addition, they will learn to use of empirical research methods to study software security challenges.


Dr. Lotfi ben Othmane

Durham Hall #315 Department of Electrical and Computer Engineering
Iowa State University
Phone: 515-294-2664

Office Hours

11:00 - 12:00 Mondays in Durham 315
Other times by email appointment

Teaching Assistants

Ameerah-Muhsinah Jamil |


Topics covered include the following:
  1. Secure software-development life-cycle
  2. Risk analysis
  3. Security architecture
  4. Implementing security features
  5. Secure coding
  6. Reverse engineering
  7. Security assessment
  8. Data analytics for security

Invited lectures

  1. Youssef Jad - CyVault
  2. Heinrich Gantenbein- Microsoft
  3. Julian Dolby - IBM
  4. Altaz Valani - SecurityCompass

Tentative Schedule

Week Topic Assignment
2 Lab 1
5 Assignment 1
Research activity
8  Assignment 2

 Lab 2


Optional Readings


  • 20% - Labs on software attacks
  • 5% - Report about security news
  • 20% - Assignments
  • 20% - Project
  • 20% - Research activity
  • 15% - Final exam

We will use the standard grade levels. Do not expect the grades to be curved. There will be limited bonus points – get them.


All assignments must be submitted through Canvas. Submission of late assignments are not considered if submitted after 5 days and will have 5%/day penalty otherwise.


The best way to communicate with me is by email—use [CPRE 562] as subject prefix. I usually reply in 2 business days. Remind me if you do not get an answer. Do not expect me to respond to a communication when the exchange exceeds 4 or 5 emails. In such cases, the issue shall be addressed in a face-to-face meeting.