Content
[ 921NESESECK13 ] KV Secure Code
Workload | Education level | Study areas | Responsible person | Hours per week | Coordinating university |
1,5 ECTS | M1 - Master's programme 1. year | Computer Science | René Mayrhofer | 1 hpw | Johannes Kepler University Linz |
Detailed information |
Pre-requisites |
Good knowledge of programming will be required. Participants should be familiar with both Java and C, and have at least working knowledge of HTML / HTTP and SQL.
In terms of courses: required courses include Softwareentwicklung 1, Softwareentwicklung 2, Informationssysteme 1 and Systemnahe Programmierung; recommended courses include Praktikum aus Softwareentwicklung 2.
|
Original study plan |
Master's programme Computer Science 2022W |
Objectives |
Participants will acquire an understanding of the most widely found security vulnerabilities in code and their causes. They will be aware of their problem scope, how to identify threats and the characteristics of common attack vectors. As practical abilities, they will learn to find and fix insecure code, specifically eliminating those common vulnerabilities, as well as to prevent future problems and avoid coding pitfalls. They will have an understanding of secure software development processes and know how to test code for security.
|
Subject |
- principles and techniques of secure software development
- security risk rankings and taxonomies
- code injection (SQL injection, cross-site scripting XSS)
- (buffer) overflows, format string attacks
- I/O handling (canonicalization, validation, sanitization)
- information exposure, guarding secrets (keys, passwords)
- defensive and diligent coding
- resilience and anti-tampering (denial of service, obfuscation)
- safe parallelization (deadlocks, race conditions)
- authentication, authorization, privilege management
- secure software development processes
- specific features of languages and environments
|
Criteria for evaluation |
- 3-4 individual assignments
- written exam at the end
- final grade is a combination of assignment grades and exam grade
|
Methods |
Lecture, practical assignments with individual feedback, discussion of examples during class sessions, possibility to discuss and ask questions in an online forum
|
Language |
English |
Study material |
no compulsory reading; supplemental literature:
- Writing Secure Code. Howard and LeBlanc. Microsoft Press, 2003.
- The CERT® Oracle® Secure Coding Standard for Java. Long et al. Addison-Wesley Professional, 2011.
- Secure Programming Cookbook for C and C++. Viega and Messier. O'Reilly, 2003.
- Foundations of Security: What Every Programmer Needs to Know. Kern, Kesavan and Daswani. Apress, 2007.
|
Changing subject? |
No |
Further information |
https://www.jku.at/en/institute-of-networks-and-security/
|
Corresponding lecture |
in collaboration with 921NESECRYK13: KV Cryptography (3 ECTS) equivalent to INMNPKVKRYP: KV Kryptographie (4,5 ECTS)
INMAWKVSECC: KV Secure Code (1,5 ECTS)
|
On-site course |
Maximum number of participants |
- |
Assignment procedure |
Direct assignment |