Course Syllabus

SE 4340 Secure Coding Practices

Course Description

A study of the principles, practices, procedures and methodologies of securely handling, processing and storing data. It examines practices and patterns related to secure code at various levels of the software stack, from user interface code, back end processing and storage. It appraises common attack vectors / methods and how to guard against them.

Justification

Understanding security is more important than ever in coding and data storage. Software system breaches are significant to both business and consumers. Security needs to be a focus throughout the entire software development lifecycle. This course is required by the Bachelor of Science in Software Engineering degree.

Student Learning Outcomes

1. Students will be able to explain security design principles.
2. Students will be able to apply security principles when they analyze and design projects.
3. Students will be able to implement projects using security primitives.
4. Students will be able to utilize tools for security analysis.
5. Students will be able to evaluate the security of project implementations.

Course Content

This course will cover the following modules:
• Web Application Security & Practices including SQL injection, cross-site scripting, cross-site request forgery, cookies and hidden form fields.
• Implementation Security & Practices including buffer overruns, string formatting issues, integer overflows, exceptions, command injection, information leakage, race conditions, principle of least privilege.
• Cryptographic Security & Practices including weak passwords, weak cryptography, incorrect cryptography.
• Networking Security & Practices including network security overview, secure network transmission, name resolution.
• Vulnerability & risk mitigation, vulnerability assessments, & QA testing.