Logo ČVUT
ČESKÉ VYSOKÉ UČENÍ TECHNICKÉ V PRAZE
STUDIJNÍ PLÁNY
2018/2019

Security and Secure Programming

Předmět není vypsán Nerozvrhuje se
Kód Zakončení Kredity Rozsah Jazyk výuky
MIE-BPR.16 Z,ZK 5 2+1
Přednášející:
Cvičící:
Předmět zajišťuje:
katedra počítačových systémů
Anotace:

Students will learn how to assess security risks and how to take them into account in the design phase of their own code and solutions. After getting familiar with the threat modeling theory, students gain practical experience with running programs with reduced privileges and methods of specifying these privileges, since not every program needs to run with administrator privileges. Students will also be briefly introduced to the principles of securing data and the relationships of security and database systems, web, remote procedure calls, and sockets in general. The module concludes with Denial of Service attacks and writing a secure code.

Požadavky:

Programming in C, knowledge of basic application interfaces and computer systems architectures.

Osnova přednášek:

1. Introduction to secure programming, current security trends.

2. Threat modeling.

3. The buffer overflow.

4. Writing secure code in C.

5. Security levels, Access Control Lists (ACL).

6. Running a program with low privileges.

7. Data security and integrity.

8. Data input, canonical representation, and security.

9. Security of databases.

10. Security of web applications.

11. Security of sockets and RPC.

12. Defence against Denial of Service attacks.

13. Summary and recapitulation.

Osnova cvičení:

1. Threat modeling.

2. The buffer overflow.

3. Running a program with low privileges.

4. Security of databases.

5. Security of web applications.

6. Defence against Denial of Service attacks.

Cíle studia:

The aim of the module is to teach the students to take into account the security aspects already in the design phase of their own software applications and solutions. Students will start with theoretical modeling of security threats, and move on to practical exercises with C programs. They will learn to determine the minimal privileges for a program to run. They will also learn to secure data, data communication, remote procedure calls, and websites.

Studijní materiály:

Howard, M., LeBlanc, D. ''Writing Secure Code (2nd Edition)''. Microsoft Press, 2003. ISBN 0735617228.

Howard, M., LeBlanc, D. „Writing Secure Code for Windows Vista“. Microsoft Press, 2007.

http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project

Poznámka:

Rozsah=2p+1c

Další informace:
Pro tento předmět se rozvrh nepřipravuje
Předmět je součástí následujících studijních plánů:
Platnost dat k 19. 4. 2019
Aktualizace výše uvedených informací naleznete na adrese http://bilakniha.cvut.cz/cs/predmet4657706.html