A study of the principles, practices, procedures and methodologies of securely handling, processing and storing data. It examines practices and patterns related to secure code at various levels of the software stack, from user interface code to back-end processing and storage. It appraises common attack vectors and methods and how to guard against them.
Understanding security is more important than ever in coding and data storage. Software system breaches are significant to both businesses and consumers. Security needs to be a focus throughout the entire software development lifecycle. This course is required by the Bachelor of Science in Software Engineering degree.
This course will cover the following modules:
• Web Application Security & Practices including SQL injection, cross-site scripting, cross-site request forgery, cookies and hidden form fields.
• Implementation Security & Practices including buffer overruns, string formatting issues, integer overflows, exceptions, command injection, information leakage, race conditions, principle of least privilege.
• Cryptographic Security & Practices including weak passwords, weak cryptography, incorrect cryptography.
• Networking Security & Practices including network security overview, secure network transmission, name resolution.
• Vulnerability & risk mitigation, vulnerability assessments, & QA testing.