BC4015 Secure Software Design and Development Syllabus – Anna University PG Syllabus Regulation 2021

COURSE OBJECTIVES:

- To fix software flaws and bugs in various software.
- To make students aware of various issues such as weak random number generation, information leakage, poor usability, and weak or no encryption of data traffic.
- Techniques for successfully implementing and supporting network services on an enterprise scale and in a heterogeneous systems environment.
- Methodologies and tools to design and develop secure software containing minimum vulnerabilities and flaws.

UNIT I SECURE SOFTWARE DESIGN

Software vulnerabilities identification – software security analysis, security programming practices, fundamental software security design concepts, security testing and quality assurance.

UNIT II ENTERPRISE APPLICATION DEVELOPMENT

Scope of enterprise software applications, Distributed N-tier software application design, Research technologies available for the presentation, Business and data tiers of an enterprise software application, Enterprise database system, Different tiers in an enterprise system, Present software solution.

UNIT III ENTERPRISE SYSTEMS ADMINISTRATION

Directory-based server infrastructure in a heterogeneous systems environment, Server resource utilization for system reliability and availability, Administer network services (DNS/DHCP/Terminal Services/Clustering/Web/Email).

UNIT IV ENTERPRISE NETWORK

Troubleshoot a network running multiple services management, Requirements of an enterprise network, Enterprise network management.

UNIT V DEFENDING APPLICATIONS

Handle insecure exceptions and command/SQL injection, web and mobile application defences against attackers, vulnerabilities and flaws in software.

TOTAL: 45 PERIODS

PRACTICALS:

1. Study of various open source security tools for Application testing, Code Review, Penetration Testing, Vulnerability Assessment, Vulnerability Scanner etc.
2. Design and develop multi-tier applications for an enterprise.
3. Installation of Directory based Server and monitoring resource utilization.
4. Practicals based on network services such as DNS/DHCP/Terminal Services/Clustering/Web/Email.
5. Study of SQL Injection Problem.
6. Developing applications that can defend against SQL injection problems.

TOTAL: 30 PERIODS

TOTAL: 45+30=75 PERIODS

COURSE OUTCOMES:

After the completion of this course, students will be able to:
CO1: Differentiate between various software vulnerabilities.
CO2: Explain the software process vulnerabilities for an organization.
CO3: Demonstrate the monitoring of resource consumption in software.
CO4: Explain the interrelation between security and the software development process.
CO5: Discuss the case study of DNS server, DHCP configuration and SQL injection attack.

REFERENCES

1. Theodor Richardson, Charles N Thies, “Secure Software Design”, Jones & Bartlett Publishers, 2013.
2. Kenneth R. van Wyk, Mark G. Graff, Dan S. Peters, Diana L. Burley, “Enterprise Software Security: A Confluence of Disciplines”, Addison Wesley Professional, 1st edition, 2014.
3. Loren Kohnfelder, “Designing Secure Software”, No Starch Press, 2021, ISBN: 9781718501928.
4. Douglas A. Ashbaugh, “Security Software Development: Assessing and Managing Security Risks”, Auerbach Publications, 2019, ISBN: 9780367386603.
5. Mouratidis, H., “Software Engineering for Secure Systems: Industrial and Research Perspectives”, October 2010, ISBN: 9781615208388.
6. Mark S. Merkow, Lakshmikanth Raghavan, “Secure and Resilient Software Development”, Auerbach Publications, June 2010, ISBN: 9781498759618.