Semester Two 2012
This course provides students with skills to design and implement secure application programs, which are not vulnerable to malicious attacks.
This course is concerned with designing and implementing secure application programs, that is,
programs that are not vulnerable to malicious attacks. By the end of the course, students should
be familiar with why security is important, what types of vulnerabilities can be present in software,
how they can be exploited, and how to go about developing software that is sufficiently secure. The
course involves significant practical work including assignments.
Design of secure web service infrastructure including topics such as: security requirements definition, system specification, security procedure definition and security management and audit, threat and vulnerability analysis, information leakage, integrity violation, Denial of Service (or - how to build a secure web-based infrastructure). Security of web server design is an important part of this course.
Types of vulnerabilities and how they arise
Best software development principles and practices
Goals of secure and trusted software
Exploitation of vulnerabilities, e.g. buffer overflows etc
Principles of security architecture, e.g. input validation, principles of least privilege etc
Design and implementation of secure web servers
Design and implementation of secure applications
Secure operations (Security features are not necessarily secure features)
Use of encryption and authentication
Automation and testing
Security case studies.
Subject to approval of the Head of Department.
Dong Seong Kim
Prof. Dipak Ghosal (Erskine Fellow.)
For further information see
Computer Science and Software Engineering.
All COSC424 Occurrences
Semester Two 2012