Secure Code
| Code | Completion | Credits | Range | Language |
|---|---|---|---|---|
| BI-BEK.21 | Z,ZK | 5 | 2P+2C | Czech |
- Course guarantor:
- Josef Kokeš
- Lecturer:
- Josef Kokeš
- Tutor:
- Josef Kokeš
- Supervisor:
- Department of Information Security
- Synopsis:
-
Students will learn how to assess security risks and how to take them into account already in the design phase of their own code and solutions. After becoming familiar with threat modeling theory, students gain practical experience with running programs under reduced privileges and with the mechanisms for specifying those privileges, since not every program needs to run with administrator rights. The dangers inherent in buffer overflows are demonstrated in practice. Students are introduced to the principles of securing data and to the security aspects of database systems, web applications, remote procedure calls, and sockets in general. The module concludes with denial-of-service attacks and the defences against them.
- Requirements:
-
Programming in C, knowledge of basic application interfaces and computer system architectures, basic knowledge of SQL, basic knowledge of JavaScript. It is recommended to also take the Cryptography and Security (BIE-KAB) course.
- Syllabus of lectures:
-
1. Introduction to debuggers
2. Code generation, structure of an executable file
3. Buffer overflow
4. Writing secure code in C
5. Security layers, access levels
6. Running with the least privileges
7. Data security and integrity
8. Data input, canonical representation and security
9. Security of databases
10. Security of web applications
11. Security of sockets
12. Denial-of-service attacks
- Syllabus of tutorials:
-
1. Introduction to debuggers
2. Code generation, analysis of an existing application
3. Buffer overflow
4. Buffer overflow II
5. Writing secure code in C
6. Data security and integrity
7. Running with the least privileges
8. SQL injection
9. Secure programming of databases
10. Security of web applications
11. Buffer overflow on the heap
12. Malware
- Study Objective:
-
After completing the course, the student will understand security in the context of software development and will be able to apply this knowledge both when creating their own software and when analysing third-party software.
- Study materials:
-
[1] Howard, M. - LeBlanc, D.: Writing Secure Code, 2nd Edition. Microsoft Press, 2003, 9780735617223.
[2] Howard, M. - LeBlanc, D.: Writing Secure Code for Windows Vista. Microsoft Press, 2007, 9780735623934.
[3] Seacord, R. C.: Secure Coding in C and C++, 2nd Edition. Addison-Wesley Professional, 2013, 9780321822130.
[4] Zhirkov, I.: Low-Level Programming: C, Assembly, and Program Execution on Intel 64 Architecture. Apress, 2017, 9781484224021.
[5] Shostack, A.: Threat Modeling: Designing for Security. Wiley, 2014, 9781118809990.
[6] Hoffman, A.: Web Application Security: Exploitation and Countermeasures for Modern Web Applications. O'Reilly Media, 2020, 9781492053118.
- The course is a part of the following study plans:
-
- Master specialization Computer Security, in Czech, 2020 (elective course)
- Master specialization Design and Programming of Embedded Systems, in Czech, 2020 (elective course)
- Master specialization Computer Systems and Networks, in Czech, 2020 (elective course)
- Master specialization Management Informatics, in Czech, 2020 (elective course)
- Master specialization Software Engineering, in Czech, 2020 (elective course)
- Master specialization System Programming, in Czech, version from 2020 (elective course)
- Master specialization Web Engineering, in Czech, 2020 (elective course)
- Master specialization Knowledge Engineering, in Czech, 2020 (elective course)
- Master specialization Computer Science, in Czech, 2020 (elective course)
- Mgr. programme, for the phase of study without specialisation, ver. for 2020 and higher (elective course)
- Bachelor Specialization Information Security, in Czech, 2021 (PS)
- Bachelor Specialization Management Informatics, in Czech, 2021 (elective course)
- Bachelor Specialization Computer Graphics, in Czech, 2021 (elective course)
- Bachelor Specialization Computer Engineering, in Czech, 2021 (compulsory elective course, elective course)
- Bachelor program, unspecified specialization, in Czech, 2021 (VO)
- Bachelor Specialization Web Engineering, in Czech, 2021 (elective course)
- Bachelor Specialization Artificial Intelligence, in Czech, 2021 (elective course)
- Bachelor Specialization Computer Science, in Czech, 2021 (elective course)
- Bachelor Specialization Software Engineering, in Czech, 2021 (elective course)
- Bachelor Specialization Computer Systems and Virtualization, in Czech, 2021 (elective course)
- Bachelor Specialization Computer Networks and Internet, in Czech, 2021 (elective course)
- Study plan for Ukrainian refugees (elective course)
- Master specialization System Programming, in Czech, version from 2023 (elective course)
- Master specialization Computer Science, in Czech, 2023 (elective course)
- Bachelor Specialization Information Security, in Czech, 2024 (PS)
- Bachelor program, unspecified specialization, in Czech, 2024 (VO)
- Bachelor Specialization Management Informatics, in Czech, 2024 (elective course)
- Bachelor Specialization Computer Graphics, in Czech, 2024 (elective course)
- Bachelor Specialization Software Engineering, in Czech, 2024 (elective course)
- Bachelor Specialization Web Engineering, in Czech, 2024 (elective course)
- Bachelor Specialization Computer Networks and Internet, in Czech, 2024 (elective course)
- Bachelor Specialization Computer Engineering, in Czech, 2024 (compulsory elective course, elective course)
- Bachelor Specialization Computer Systems and Virtualization, in Czech, 2024 (elective course)
- Bachelor Specialization Artificial Intelligence, in Czech, 2024 (elective course)
- Bachelor Specialization Computer Science, in Czech, 2024 (elective course)