Contents
[ 921NESESECK13 ] KV (*)Secure Code
(*) Unfortunately, this information is not available in German.
Workload: 1,5 ECTS
Education level: M1 - Master's programme 1st year
Subject area: Computer Science
Responsible person: René Mayrhofer
Semester hours: 1 semester hour
Offering university: Johannes Kepler Universität Linz
Detailed information
Registration prerequisites
(*)Good knowledge of programming will be required. Participants should be familiar with both Java and C, and have at least working knowledge of HTML / HTTP and SQL.
In terms of courses: required courses include Softwareentwicklung 1, Softwareentwicklung 2, Informationssysteme 1 and Systemnahe Programmierung; recommended courses include Praktikum aus Softwareentwicklung 2.
Source curriculum: Master's programme Computer Science 2025W
Learning outcomes
Competences
(*)Upon successful completion of the course, students will be able to independently assess the security of software applications, identifying potential vulnerabilities and proposing appropriate mitigations, to design and develop secure software systems that are resilient against common attack vectors and adhere to established security principles, and to integrate security considerations throughout the software development lifecycle, from requirements gathering to deployment and maintenance.
Skills
(*)Students are able to:
- Identify and categorize common security vulnerabilities in source code (K4, K5)
- Develop exploits to demonstrate vulnerabilities in insecure applications (K6)
- Implement fixes for common vulnerabilities such as SQL injection, cross-site scripting, and buffer overflow (K3, K6)
- Apply input validation and sanitization techniques to prevent injection attacks (K3)
- Use secure coding practices to protect sensitive information and prevent unauthorized access (K4, K5, K6)
- Analyze source code to detect potential security flaws and weaknesses (K4, K5)
- Implement proper authentication and authorization mechanisms in applications (K6)
- Conduct security testing on software to identify vulnerabilities (K4, K5)
- Apply secure design principles to software architecture and development processes (K3, K4, K5)
Knowledge
(*)- Principles and techniques of secure software development
- Security risk rankings and taxonomies
- Common vulnerabilities: code injection (SQL injection, cross-site scripting XSS), (buffer) overflows, format string attacks
- Input/output handling techniques: canonicalization, validation, sanitization
- Information exposure risks and methods for guarding secrets (keys, passwords)
- Defensive coding practices
- Concurrency issues: deadlocks, race conditions
- Authentication, authorization, and privilege management concepts
- Secure software development processes
- Security considerations for specific programming languages and environments
Assessment criteria
(*)- 3-4 individual assignments
- written exam at the end
- final grade is a combination of assignment grades and exam grade
Teaching methods
(*)Lecture, practical assignments with individual feedback, discussion of examples during class sessions, possibility to discuss and ask questions in an online forum
Language of instruction: English
Literature
(*)no compulsory reading; supplemental literature:
- Writing Secure Code. Howard and LeBlanc. Microsoft Press, 2003.
- The CERT® Oracle® Secure Coding Standard for Java. Long et al. Addison-Wesley Professional, 2011.
- Secure Programming Cookbook for C and C++. Viega and Messier. O'Reilly, 2003.
- Foundations of Security: What Every Programmer Needs to Know. Kern, Kesavan and Daswani. Apress, 2007.
Changing course content?: No
Further information
(*)https://www.jku.at/en/institute-of-networks-and-security/
Equivalences
(*)in collaboration with 921NESECRYK13: KV Cryptography (3 ECTS) equivalent to INMNPKVKRYP: KV Kryptographie (4,5 ECTS)
INMAWKVSECC: KV Secure Code (1,5 ECTS)
On-site course
Maximum number of participants: -
Assignment procedure: Direct assignment