COMP6131 - Software Security Analysis


Difficulty: 2/10 · Time Commitment: 1/10 · Enjoyability: 5/10 · Mark: 97

Summary

COMP6131 is a course on software security analysis which teaches basic skills on static analysis to find flaws in code by traversing a control flow graph. The course contains a lot of complex and interesting concepts, but when I did this course, it was possible to get a really high mark without proper knowledge of most concepts due to the simplicity of assignments and generous marking. The rough time allocation I spent on each assessment is as follows:

| Task         | Time Spent    |
|--------------|---------------|
| Labs         | 3-6 hours/lab |
| Assignment 1 | 4 hours       |
| Assignment 2 | 5 hours       |
| Assignment 3 | 4 hours       |

The course assumes knowledge of C++; however, if you know C you will be able to learn everything you need as you do the assignments. The code you write is mostly identical to C, and in many spots, the added C++ makes the code easier to read/write even if you have not used C++ before (e.g. string concatenation).

To achieve the greatest learning from this course, I recommend learning the course content properly. Lectures sometimes go through complex concepts really quickly and aren’t assessed in a lot of depth; however, sitting at a whiteboard and trying to actually implement the algorithms helps make the course more enjoyable and educational.

Positives

  • The concepts taught in this course are very interesting and do not require prerequisite knowledge of any static analysis tools or security
  • The lectures step through interesting algorithms and provide a lot of code that is easy to follow
  • The workload of this course is relatively low

Negatives

  • The workload of this course is relatively low so it is possible to get through the entire course and not learn as much as in other courses
  • The assessments are very easy and do not add learning value to the course (Lab 3 was good)
  • This is mostly a theoretical course and it is likely that even if you extend yourself by learning all algorithms and exploring further than the course takes you, you will still not apply any course content to a future career in industry or research outside of this field

In-depth

Structure

COMP6131 has one lecture a week that is split into 2x 2 hour blocks (with a short break in between). The first two hour block is spent on theory and the second one is spent as a tutorial to discuss labs, assignments, and student questions.

Labs are in the format of quizzes and are mostly multiple choice. There are some questions with text input, such as to sketch the path of a traversal, but these are mostly straightforward.

Lecture and Workshop

As mentioned above, COMP6131 has one combined lecture + workshop split into 2x 2 hour blocks run one after the other (so a total of one 4 hour block per week). The lecture goes through course content and I found it better to watch these in my own time rather than in person because the content is often covered quite fast and it was much more effective to slow down the video (to 0.75x speed) and rewatch parts until I understood what was happening.

The workshops are useful because they go over common questions students have had, assignment overviews, feedback on common mistakes in assignments, and hard questions from previous lectures. This is a good opportunity to ask questions on anything confusing, and the lecturer is very knowledgeable on this field. Workshops are where a large majority of the learning in this course occurs.

Assignments

The assignments in this course are very easy but also very useful to understand course content. The second assignment helped me understand what I was learning so much better than simply from lectures. Assignment 1 was unrelated to course content (and was probably the most difficult because there were small niche bugs you could introduce in your traversals), and assignment 3 was slightly challenging but followed very closely with lecture content so anyone who watches the lectures will easily be able to finish it entirely.

One important note is that the assignments were very easy when I did this course due to a lot of support from the lecturer. The “challenges” of the assignments were solved for students within the lecture prior to the assignment being due. This will definitely not be the case in future terms, so while I think the assignments will remain similar there will be a much greater understanding of course content required to solve the challenges in assignments.

Labs

Labs in this course are mostly straightforward, and most questions are extensions of lecture content. There are a few very difficult questions that require a general understanding of memory management in a language like C, and other content like constraint graphs that can be difficult early on. If you consistently stay up-to-date with content and take time to understand it well, the labs are possible to complete in a few hours.

Overall

COMP6131 is an easy course, which teaches interesting content that is hard to find in any other course. While the content taught is likely not going to be used in any industry setting, research topics around it exist. Understanding the content taught can be cool as all software engineers use some static analysis tools and knowing how the more complex tools around memory work is interesting.
