Security and Secure Programming
| Code | Completion | Credits | Range | Language |
|---|---|---|---|---|
| MI-BPR | Z,ZK | 4 | 2P+1C | Czech |
- Department of Computer Systems
- Synopsis:
  Students learn how to assess security risks and how to take them into account when designing their own code and solutions. After an introduction to threat modeling theory, students gain practical experience with running programs under reduced privileges and with the methods of specifying those privileges, since not every program needs to run with administrator rights. The dangers inherent in buffer overflows are demonstrated in practice. Students are introduced to the principles of securing data and to the security aspects of database systems, web applications, remote procedure calls, and sockets in general. The course concludes with denial-of-service attacks and the defenses against them.
- Requirements:
  Programming in C, knowledge of basic application interfaces and computer system architectures, basic knowledge of SQL, basic knowledge of JavaScript.
- Syllabus of lectures:
1. Introduction to debuggers
2. Code generation, structure of an executable file
3. Buffer overflow
4. Writing secure code in C
5. Security layers, access levels
6. Running with the least privileges
7. Data security and integrity
8. Data input, canonical representation and security
9. Security of databases
10. Security of web applications
11. Security of sockets
12. Denial-of-service attacks
- Syllabus of tutorials:
1. Code generation, analysis of an existing application
2. Buffer overflow
3. Writing secure code in C
4. Running with the least privileges
5. SQL injection
6. Security of web applications
- Study materials:
[1] Howard, M. - LeBlanc, D.: Writing Secure Code, 2nd Edition, Microsoft Press, 2003, 9780735617223.
[2] Howard, M. - LeBlanc, D.: Writing Secure Code for Windows Vista, Microsoft Press, 2007, 9780735623934.
[3] Seacord, R. C.: Secure Coding in C and C++, 2nd Edition, Addison-Wesley Professional, 2013, 9780321822130.
- Further information:
- https://moodle-vyuka.cvut.cz/course/view.php?id=2654
- No time-table has been prepared for this course
- The course is a part of the following study plans:
- Master branch Knowledge Engineering, in Czech, 2016-2017 (elective course)
- Master branch Computer Security, in Czech, 2016-2019 (elective course)
- Master branch Computer Systems and Networks, in Czech, 2016-2019 (elective course)
- Master branch Design and Programming of Embedded Systems, in Czech, 2016-2019 (elective course)
- Master branch Web and Software Engineering, spec. Info. Systems and Management, in Czech, 2016-2019 (elective course)
- Master branch Web and Software Engineering, spec. Software Engineering, in Czech, 2016-2019 (elective course)
- Master branch Web and Software Engineering, spec. Web Engineering, in Czech, 2016-2019 (elective course)
- Master program Informatics, unspecified branch, in Czech, version 2016-2019 (VO)
- Master branch System Programming, spec. Computer Science, in Czech, 2016-2017 (elective course)
- Master branch Knowledge Engineering, in Czech, 2018-2019 (elective course)