COSC424-12S2 (C) Semester Two 2012
Secure Software

Description

This course is concerned with designing and implementing secure application programs, that is,
programs that are not vulnerable to malicious attacks. By the end of the course, students should
be familiar with why security is important, what types of vulnerabilities can be present in software,
how they can be exploited, and how to go about developing software that is sufficiently secure. The
course involves significant practical work including assignments.

Design of secure web service infrastructure including topics such as: security requirements definition, system specification, security procedure definition and security management and audit, threat and vulnerability analysis, information leakage, integrity violation, Denial of Service (or - how to build a secure web-based infrastructure). Security of web server design is an important part of this course.

Topics include:
 Types of vulnerabilities and how they arise
 Best software development principles and practices
 Goals of secure and trusted software
 Exploitation of vulnerabilities, e.g. buffer overflows etc
 Principles of security architecture, e.g. input validation, principles of least privilege etc
 Design and implementation of secure web servers
 Design and implementation of secure applications
 Secure operations (Security features are not necessarily secure features)
 Use of encryption and authentication
 Automation and testing
 Security case studies.

Pre-requisites

For further information see Computer Science and Software Engineering.