[ 921NESESECK13 ] KV (*)Secure Code

(*) Leider ist diese Information in Deutsch nicht verfügbar.
Workload Ausbildungslevel Studienfachbereich VerantwortlicheR Semesterstunden Anbietende Uni
1,5 ECTS M1 - Master 1. Jahr Informatik René Mayrhofer 1 SSt Johannes Kepler Universität Linz
Anmeldevoraussetzungen (*)Good knowledge of programming will be required. Participants should be familiar with both Java and C, and have at least working knowledge of HTML / HTTP and SQL.

In terms of courses: required courses include Softwareentwicklung 1, Softwareentwicklung 2, Informationssysteme 1 and Systemnahe Programmierung; recommended courses include Praktikum aus Softwareentwicklung 2.

Quellcurriculum Masterstudium Computer Science 2022W
Ziele (*)Participants will acquire an understanding of the most widely found security vulnerabilities in code and their causes. They will be aware of their problem scope, how to identify threats and the characteristics of common attack vectors. As practical abilities they will learn is finding and fixing insecure code, specifically eliminating those common vulnerabilities, as well as preventing future problems and avoid coding pitfalls. They will have an understanding of secure software development processes and know how to test code for security.
Lehrinhalte (*)
  • principles and techniques of secure software development
  • security risk rankings and taxonomies
  • code injection (SQL injection, cross-site scripting XSS)
  • (buffer) overflows, format string attacks
  • I/O handling (canonicalization, validation, sanitization)
  • information exposure, guarding secrets (keys, passwords)
  • defensive and diligent coding
  • resilience and anti-tampering (denial of service, obfuscation)
  • safe parallelization (deadlocks, race conditions)
  • authentication, authorization, privilege management
  • secure software development processes
  • specific features of languages and environments
Beurteilungskriterien (*)
  • 3-4 individual assignments
  • written exam at the end
  • final grade is a combination of assignment grades and exam grade
Lehrmethoden (*)Lecture, practical assignments with individual feedback, discussion of examples during class sessions, possibility to discuss and ask questions in an online forum
Abhaltungssprache Englisch
Literatur (*)no compulsory reading; supplemental literature:

  • Writing Secure Code. Howard and LeBlanc. Microsoft Press, 2003.
  • The CERT® Oracle® Secure Coding Standard for Java. Long et al. Addison-Wesley Professional, 2011.
  • Secure Programming Cookbook for C and C++. Viega and Messier. O'Reilly, 2003.
  • Foundations of Security: What Every Programmer Needs to Know. Kern, Kesavan and Daswani. Apress, 2007.
Lehrinhalte wechselnd? Nein
Sonstige Informationen (*)
Äquivalenzen (*)in collaboration with 921NESECRYK13: KV Cryptography (3 ECTS) equivalent to
INMNPKVKRYP: KV Kryptographie (4,5 ECTS)

INMAWKVSECC: KV Secure Code (1,5 ECTS)
Teilungsziffer -
Zuteilungsverfahren Direktzuteilung