授课教师：Ricardo Rodríguez

国籍：西班牙

职称：副教授

教师简介（中英文）：Ricardo Rodríguez于2013年在西班牙萨拉戈萨大学获得计算机科学博士学位。2011年和2012年在英国卡迪夫大学计算机科学与信息学院，2014年在瑞典韦斯特拉斯梅拉达伦大学创新、设计与工程学院担任访问研究员。2016年在意大利卡塞塔那不勒斯第二大学做客座教授。他目前是西班牙萨拉戈萨萨拉戈萨大学的副教授。他的专业经验包括参与多个来自国家和国际资助的研究项目（H2020、西班牙科学与创新部、西班牙工业部）以及私人合作项目（如西班牙国家网络安全研究所和西班牙国家情报中心）。

Ricardo J. Rodríguez received M.S. and Ph.D. degrees in Computer Science from the University of Zaragoza, Zaragoza, Spain, in 2010 and 2013, respectively. His Ph.D. dissertation was focused on performance analysis and resource optimization in critical systems, with special interest in Petri net modeling techniques. He was a Visiting Researcher with the School of Computer Science and Informatics, Cardiff University, Cardiff, U.K., in 2011 and 2012, and the School of Innovation, Design and Engineering, Mälardalen University, Västeras, Sweden, in 2014. He was also a Visiting Professor in the Second University of Naples, Caserta, Italy, during a three-month period in 2016. He is currently an Associate Professor at University of Zaragoza, Zaragoza, Spain. His professional experience includes participation in several research projects from national and international fundings (H2020, Spanish Ministry of Science and Innovation, Spanish Ministry of Industry) as well as private collaborations (such as Spanish National Cybersecurity Institute and National Intelligence Centre in Spain).

课程简介（中英文）：本课程涵盖基本概念，以教学生如何以安全的方式开发软件。 在这方面，我们将首先回顾一些关于 C 编程语言的知识，因为该课程主要是针对使用它的。 然后我们将展示软件可能遭受的主内存错误漏洞，例如缓冲区溢出、整数溢出或格式字符串等。 课程中还将介绍 OWASP、CWE 和 SEI CERT（来自卡内基梅隆大学）等国家组织提供的安全编程标准指南。 在实验室课程中，学生将学习使用调试工具、识别源代码中的漏洞以及修复可能导致软件错误的潜在错误。 此外，本课程还将展示如何使用自动化工具来审核您的源代码。本课程是在C语言基础上开展的一门课程，难度适中。

This course covers the basic concepts to teach students about how they must develop software in a secure way. In this regard, we will first recap some knowledge about C programming language, since the course is mainly oriented to work with it. Then we will show the main memory error vulnerabilities that software may suffer, such as buffer overflows, integer overflows, or format string, among others. Standard guidelines for secure programming provided by national organizations as OWASP, CWE, and SEI CERT (from Carnegie Mellon University) will also be introduced in the course. During laboratory lessons, the students will learn to work with debugging tools, to identify vulnerabilities in source code, and to fix potential bugs that may lead to software errors. Furthermore, the course will also show how to use automated tools to audit your source code.