School of Computer Science

Module 06-20010 (2012)

Secure Programming

Level 4/M

Marco Cova, Semester 2, 10 credits
Co-ordinator: Marco Cova
Reviewer: Tom Chothia

The Module Description is a strict subset of this Syllabus Page.

Aims

The aims of this module are to:

  • introduce the principles, risks and mechanisms that impact software security, with emphasis on programming and related technologies

Learning Outcomes

On successful completion of this module, the student should be able to:

  • explain the fundamental principles and mechanisms of software security
  • identify the main security defects and threats in current software systems
  • describe and evaluate techniques of secure coding
  • evaluate applications in relation to their security

Teaching methods

Lectures


Assessment

  • Sessional: 1.5 hr examination (80%), continuous assessment (20%)
  • Supplementary: By examination only

Detailed Syllabus

  1. Introduction
  2. Basic principles of software security
  3. Overview of vulnerabilities and attacks
    • Buffer overflow and other memory corruptions
    • In-band signalling and malicious input
    • SQL command injection attacks
    • Race conditions
  4. Manual code auditing for software security
  5. Static analysis tools for security
  6. Programming language mechanisms and security
  7. Some directions in current research
