Inhalt

[ 921NESESECK13 ] KV Secure Code

Versionsauswahl
Workload Education level Study areas Responsible person Hours per week Coordinating university
1,5 ECTS M1 - Master's programme 1. year Computer Science René Mayrhofer 1 hpw Johannes Kepler University Linz
Detailed information
Pre-requisites Good knowledge of programming will be required. Participants should be familiar with both Java and C, and have at least working knowledge of HTML / HTTP and SQL.

In terms of courses: required courses include Softwareentwicklung 1, Softwareentwicklung 2, Informationssysteme 1 and Systemnahe Programmierung; recommended courses include Praktikum aus Softwareentwicklung 2.

Original study plan Master's programme Computer Science 2022W
Objectives Participants will acquire an understanding of the most widely found security vulnerabilities in code and their causes. They will be aware of their problem scope, how to identify threats and the characteristics of common attack vectors. As practical abilities they will learn is finding and fixing insecure code, specifically eliminating those common vulnerabilities, as well as preventing future problems and avoid coding pitfalls. They will have an understanding of secure software development processes and know how to test code for security.
Subject
  • principles and techniques of secure software development
  • security risk rankings and taxonomies
  • code injection (SQL injection, cross-site scripting XSS)
  • (buffer) overflows, format string attacks
  • I/O handling (canonicalization, validation, sanitization)
  • information exposure, guarding secrets (keys, passwords)
  • defensive and diligent coding
  • resilience and anti-tampering (denial of service, obfuscation)
  • safe parallelization (deadlocks, race conditions)
  • authentication, authorization, privilege management
  • secure software development processes
  • specific features of languages and environments
Criteria for evaluation
  • 3-4 individual assignments
  • written exam at the end
  • final grade is a combination of assignment grades and exam grade
Methods Lecture, practical assignments with individual feedback, discussion of examples during class sessions, possibility to discuss and ask questions in an online forum
Language English
Study material no compulsory reading; supplemental literature:

  • Writing Secure Code. Howard and LeBlanc. Microsoft Press, 2003.
  • The CERT® Oracle® Secure Coding Standard for Java. Long et al. Addison-Wesley Professional, 2011.
  • Secure Programming Cookbook for C and C++. Viega and Messier. O'Reilly, 2003.
  • Foundations of Security: What Every Programmer Needs to Know. Kern, Kesavan and Daswani. Apress, 2007.
Changing subject? No
Further information https://www.jku.at/en/institute-of-networks-and-security/
Corresponding lecture in collaboration with 921NESECRYK13: KV Cryptography (3 ECTS) equivalent to
INMNPKVKRYP: KV Kryptographie (4,5 ECTS)

INMAWKVSECC: KV Secure Code (1,5 ECTS)
On-site course
Maximum number of participants -
Assignment procedure Direct assignment