This course will cover 1) common security problems, vulnerabilities and attack patterns in software and their underlying causes, for example, different types of buffer overflows, race conditions, side channels ; 2) security models and their realizations in modern desktop/mobile operating systems and applications 3) secure software engineering principles, coding techniques, guidelines and tools to prevent common vulnerabilities and pitfalls ; 4) security testing methodologies and tools in practice ; 5) risk assessment/ management and security audit.