EduXchange.EU

Secure Code

BIE-BEK.21
Computer Science and ICT, Data, AI

About this course

The students will learn how to assess security risks and how to take them into account in the design phase of their own code and solutions. After getting familiar with the threat modeling theory, students gain practical experience with running programs with reduced privileges and methods of specifying these privileges, since not every program needs to run with administrator privileges. Dangers inherent in buffer overflows will be practically demonstrated. Students will be introduced to the principles of securing data and the relationships of security and database systems, web, remote procedure calls, and sockets in general. The module concludes with Denial of Service attacks and the defense against them.

Learning outcomes

After completing the course, the student will understand security in the context of software development and will be able to apply this knowledge both when creating their own software and when analyzing third-party software.

Prior knowledge

Programming in C, knowledge of basic application interfaces and computer systems architectures, basic knowledge of SQL, basic knowledge of JavaScript. It is recommended to also take the Cryptography and Security (BIE-BEZ) course.

Resources

  • [1] Howard, M. - LeBlanc, D.: Writing Secure Code, 2nd Edition. Microsoft Press, 2003, 9780735617223.
  • [2] Howard, M. - LeBlanc, D.: Writing Secure Code for Windows Vista. Microsoft Press, 2007, 9780735623934.
  • [3] Seacord, R. C.: Secure Coding in C and C++, 2nd Edition. Addison-Wesley Professional, 2013, 9780321822130.
  • [4] Zhirkov, I.: Low-Level Programming: C, Assembly, and Program Execution on Intel 64 Architecture. Apress, 2017, 9781484224021.
  • [5] Shostack, A.: Threat Modeling: Designing for Security. Wiley, 2014, 9781118809990.
  • [6] Hoffman, A.: Web Application Security: Exploitation and Countermeasures for Modern Web Applications. O'Reilly Media, 2020, 9781492053118.

Activities

Security, secure development, vulnerability, threat, buffer overflow, SQL injection, access rights, Denial of Service.

Additional information

  • Credits
    ECTS 5
  • Contact hours per week
    16
  • Instructors
    Ing. Kokeš Josef Ph.D.
  • Mode of instruction
    Hybrid

If anything is still unclear, have a look at the FAQ of CTU (Czech Republic).

Offering

  • Start date
    17 February 2025
  • End date
    21 September 2025
  • Period *
    Summer 2024/2025
  • Language of instruction
    English

Enrolment period closed

This offering is for students of EPFL (Switzerland)