Security and Secure Programming
- Josef Kokeš (guarantor)
- Josef Kokeš (guarantor)
- Department of Computer Systems
Students will learn how to assess security risks and how to take them into account in the design phase of their own code and solutions. After getting familiar with the threat modeling theory, students gain practical experience with running programs with reduced privileges and methods of specifying these privileges, since not every program needs to run with administrator privileges. Students will also be briefly introduced to the principles of securing data and the relationships of security and database systems, web, remote procedure calls, and sockets in general. The module concludes with Denial of Service attacks and countermeasures to these attacks.
Programming in C, knowledge of basic application interfaces and computer systems architectures.
- Syllabus of lectures:
1. Introduction to secure programming, current security trends.
2. Threat modeling.
3. The buffer overflow.
4. Writing secure code in C.
5. Security levels, Access Control Lists (ACL).
6. Running a program with low privileges.
7. Data security and integrity.
8. Data input, canonical representation, and security.
9. Security of databases.
10. Security of web applications.
11. Security of sockets and RPC.
12. Defence against Denial of Service attacks.
13. Summary and recapitulation.
- Syllabus of tutorials:
1. Threat modeling.
2. The buffer overflow.
3. Running a program with low privileges.
4. Security of databases.
5. Security of web applications.
6. Defence against Denial of Service attacks.
- Study Objective:
The aim of the module is to teach the students to take into account the security aspects already in the design phase of their own software applications and solutions. Students will start with theoretical modeling of security threats, and move on to practical exercises with C programs. They will learn to determine the minimal privileges for a program to run. They will also learn to secure data, data communication, remote procedure calls, and websites.
- Study materials:
1. Howard, M., LeBlanc, D.: Writing Secure Code, 2nd Edition, Microsoft Press, 2003, 9780735617223.
2. Howard, M., LeBlanc, D.: Writing Secure Code for Windows Vista, Microsoft Press, 2007, 9780735623934,
3. Seacord, R. C.: Secure Coding in C and C++, 2nd Edition, Addison-Wesley Professional, 2013, 9780321822130,
- Further information:
- Time-table for winter semester 2018/2019:
- Time-table is not available yet
- Time-table for summer semester 2018/2019:
Mon Tue FriroomTH:A-s135
Thákurova 7 (FSv-budova A)
NBFIT BOU ucebna
- The course is a part of the following study plans:
- Specialization System Programming, Presented in Czech, Version 2014, 2015 (elective course)
- Specialization Web Engineering, Presented in Czech, for Students who Enrolled in 2014 and 2015 (elective course)
- Knowledge Engineering, in Czech, Presented in Czech, for Students who Enrolled in 2015 (elective course)
- Master Informatics, Presented in Czech, Version for Students who Enrolled in 2015 (elective course)
- Specialization System Programming, Presented in Czech, Version 2016, 2017 and 2018 (compulsory course of the branch)
- Specialization Computer Science, Presented in Czech, Version 2018 (elective course)