COMP_SCI 396: Foundations of Security



COMP_SCI 211 and 214


Cybersecurity can be an intimidating word, but it doesn’t need to be. It is actually fundamental to every application or system we use, however small. One does not need to be “interested” in security to be accountable for creating secure programs; anyone who will be responsible for maintaining or building any computer systems will be accountable.

Have you been or do you know anyone who has been a victim of a data breach? Data breaches have become commonplace, and the cause is often a simple security mistake or a piece of insecure infrastructure with a massive impact. Do you see yourself building a simple application that handles user data? You would have a responsibility to protect your users’ data. Are you interested in cybersecurity as a specialization or career path? You’ll probably get to advise the design of systems to be secure from the ground up and mitigate security incidents in real time. And finally: do you envision yourself in a role where you will either build or manage any systems that people will use? Then your systems need to be secure.

Systems, software, and tools that we use are all vulnerable to security breaches and incidents. However, security, historically and still today, is often an afterthought in the design of computer systems, which only exacerbates their vulnerability. And while cybersecurity itself is a huge and exciting field for those interested, there are core aspects of security that are accessible to and necessary for anyone in a computing-related occupation. 

The goal of this class is to provide an introduction to such security foundations. It can also serve as an introduction to security as a field and for more advanced security/privacy courses. Overall, this course aims to provide a security foundation for three major applications:

1. Incorporating fundamental security when building applications
2. A starting point for security fundamentals important for students interested in a cybersecurity role
3. Technical and non-technical approaches to security

We will cover a variety of topics including (but not limited to) the security mindset, writing secure applications and mitigating vulnerabilities, threat modeling, data breaches, authentication, access control, data security, social engineering, and ethics of cybersecurity decisions (or lack thereof). For a portion of the class, we will work with web applications; however, we do not expect any relevant background and will provide the required background as needed.

  • This course fulfills the Technical Elective area.

COURSE COORDINATORS: Prof. Sruti Bhagavatula

COURSE INSTRUCTOR: Prof. Sruti Bhagavatula