Module 20010 (2013)

Syllabus page 2013/2014

06-20010
Secure Programming

Level 4/M

Marco Cova
10 credits in Semester 2



The Module Description is a strict subset of this Syllabus Page. (The University module description has not yet been checked against the School's.)

Relevant Links

Module home page [2011/12]


Outline

The module covers the basics of software security. Classic design principles for the protection of information in computer systems are introduced. Some of the most important vulnerabilities in current software systems and the corresponding attacks are reviewed. It is then shown how to defend code against these attacks, both by means of careful programming technique and automated machine support.


Aims

The aims of this module are to:

  • introduce the principles, risks and mechanisms that impact software security, with emphasis on programming and related technologies

Learning Outcomes

On successful completion of this module, the student should be able to:

  1. explain the fundamental principles and mechanisms of software security (assessed by: Examination)
  2. identify the main security defects and threats in current software systems (assessed by: Examination)
  3. describe and evaluate techniques of secure coding (assessed by: Examination)
  4. evaluate applications in relation to their security (assessed by: Examination, Continuous Assessment)

Restrictions, Prerequisites and Corequisites

Restrictions:

None

Prerequisites:

None

Co-requisites:

None


Teaching

Teaching Methods:

Lectures

Contact Hours:

23


Assessment

  • Sessional: 1.5 hr examination (80%), continuous assessment (20%)
  • Supplementary (where allowed): By examination only

Recommended Books

Title: The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
Author(s): Mark Dowd, John McDonald and Justin Schuh
Publisher, Date: Addison-Wesley, 2006

Detailed Syllabus

  1. Introduction
  2. Basic principles of software security
  3. Overview of vulnerabilities and attacks
    • Buffer overflow and other memory corruptions
    • In-band signalling and malicious input
    • SQL command injection attacks
    • Race conditions
  4. Manual code auditing for software security
  5. Static analysis tools for security
  6. Programming language mechanisms and security
  7. Some directions in current research

Last updated: 3 June 2011

Source file: /internal/modules/COMSCI/2013/xml/20010.xml
