BC4001 Principles of Secure Coding Syllabus:

BC4001 Principles of Secure Coding Syllabus – Anna University PG Syllabus Regulation 2021

COURSE OBJECTIVES:

 Identify and analyze security problems and their vulnerabilities in software.
 Understand the various static analysis methods for secure programming.
 Understand the different secure coding techniques for handling inputs, errors, integer and string operations in a software.
 Effectively apply their knowledge to write a secure web application

UNIT I SOFTWARE SECURITY

Security Concepts, Security Policy, Security Flaws, Vulnerabilities, Exploitation and Mitigations. Software Security problems, Classification of Vulnerabilities.

UNIT II STATIC ANALYSIS

Problem Solving with static analysis: Type Checking, Style Checking, Program understanding, verifications and property checking, Bug finding and Security Review.

UNIT III STRINGS AND INTEGER SECURITY

Strings: Common String manipulating Errors, String Vulnerabilities and Exploits, Mitigation Strategies for strings, String handling functions, Runtime protecting strategies, Dynamic Memory Management: Memory Management errors in C and C++ , Notable Vulnerabilities. Integer Security: Integer data Type, Integer Conversions, Integer Operations, Integer Vulnerabilities, Mitigation Strategies.

UNIT IV HANDLING INPUTS AND EXCEPTIONS

Handling Inputs: What to validate, How to validate, Preventing metadata Vulnerabilities, Buffer Overflow: Introduction, Exploiting buffer overflow vulnerabilities, Buffer allocation strategies, Tracking buffer sizes, buffer overflow in strings, Buffer overflow in Integers Runtime Protections. Errors and Exceptions: Handling Error with return code, Managing exceptions, Preventing Resource leaks, Logging and debugging.

UNIT V SECURE WEB APPLICATIONS

Input and Output Validation for the Web: Browser Subverted, HTTP Considerations: Use POST, Not GET, Request Ordering, Error Handling, Request Provenance. Maintaining Session State: Use Strong Session Identifiers, Enforce a Session Idle Timeout and a Maximum Session Lifetime, Begin a New Session upon Authentication.

COURSE OUTCOMES:

CO1: Apply secure coding practices when developing a software.
CO2: Understand and perform a static analysis and security review of a software code.
CO3: Evaluate strings and integer vulnerabilities in a software code.
CO4: Handle inputs, overflow mechanisms, errors and exceptions in a software code.
CO5: Design a secure web application by performing input and output validation techniques on the web.

TOTAL: 45 PERIODS

REFERENCES

1. Seacord, R. C., Secure Coding in C and C++, Addison Wesley, Software Engineering Institute, 2nd edition, 2013. (UNIT- III)
2. Chess, B., and West, J., Secure Programming with Static Analysis, Addison Wesley Software Security Series, 2007. (UNIT-II,IV,V)
3. Seacord, R. C., The CERT C Secure Coding Standard, Pearson Education, 2009.
4. Howard, M., LeBlanc, D., Writing Secure Code, 2nd Edition. Pearson Education, 2002.

Related posts:

  1. AP4006 Hardware Secure Computing Syllabus
  2. AR3010 Parametric Modelling and Coding Syllabus
  3. CU4001 Wavelets and Subband Coding Syllabus
  4. MG8591 Principles of Management Syllabus
  5. MU4153 Principles of Multimedia Syllabus
  6. OBT554 Principles of Food Preservation Syllabus
  7. OCE433 Principles of Sustainable Development Syllabus
  8. IS4101 Principles of Safety Management Syllabus
  9. CP4154 Principles of Programming Languages Syllabus
  10. CE4151 Principles of Cyber Security Syllabus
  11. CS8351 Digital Principles and System Design Syllabus
  12. CS3351 Digital Principles and Computer Organization Syllabus