Software Security
| Course ID
|
ISOFSE
|
| Credits
|
6
|
| Scheduled
|
Second semester (First year)
|
2009 / 2010
Examination
| Exam Date
|
?
|
| Exam location
|
?
|
Learning objects
- Common security vulnerabilities, such as input validation problems (buffer overflows, SQL injections, etc.), race conditions, broken access control, XSS, CSRF, etc.
- Security measures in the software development life cycle: architecture, language/platform, implementation, testing, code review
- Language-based security: typing, (Java) sandboxing, untrusted code security
- Information flow
- (Tool-supported) Static Analysis
- Examples of advanced type systems, e.g. for alias control or information flow
- Program Verification and Proof-Carrying Code (PCC)
Course description
At the end of the course students can explain the common ways in which software security fails;
are able to identify security objectives of applications and identify likely places where they might fail;
can explain methods and technologies that can help in the development of secure software;
can apply some of these techniques in practice.
Concrete examples of attacks and countermeasures are often specific to a certain setting (a programming language and/or type of application); the aim provide enough insight to be able to assess problems and proposed solutions in other situations.