Secure coding
- Class 15
- Practice 30
- Independent work 105
Course title: Secure coding
Lecture type: Obligatory
Course code: 21-02-510
Semester: 2
ECTS: 5
Lecturers and associates
Course overview
This module introduces students to common security vulnerabilities and issues and teaches them how to write secure code that minimizes possible attack vectors.
This module is intended for students who already know how to write code and are interested in learning about security challenges and how to mitigate them by writing more secure code. Skills learnt in this module will contribute significantly to students’ development as professionals in their respective fields.
Students will learn:
• About security vulnerabilities and security threats.
• How to do static code analysis with current tools in order to detect issues.
• How to secure communication between client and web application server.
• About injection attack prevention techniques.
• About safeguards to prevent potential attacks arising from insecure deserialization.
• About user authentication methods to prevent unauthorized access to confidential data.
The module is taught in the Java programming language. The module assessment is based on solving a series of smaller practical tasks and on individual student projects. In these projects, students must create secure applications to the given specifications.
Literature
Essential reading:
1. Long, F. et al. (2013) Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs. 1st edn. Boston: Addison-Wesley Professional.
Recommended reading:
1. Long, F. et al. (2011) CERT Oracle Secure Coding Standard for Java. 1st edn. Boston: Addison-Wesley Professional.
Minimal learning outcomes
- Analyse security vulnerabilities and threats to existing software solutions using dedicated tools.
- Use a static code analysis tool to detect problems and generate a report on them.
- Implement communication protection between client and web application server using standardized tokens.
- Use injection attack prevention techniques to implement protection mechanisms on the web application to prevent this type of attack.
- Implement safeguards to prevent potential attacks arising from insecure deserialization.
- Use best practices to implement user authentication to prevent unauthorized access to confidential data.
Preferred learning outcomes
- Analyse security vulnerabilities and threats to existing client-server software solutions using dedicated tools.
- Use a static code analysis tool to detect problems, generate a report on them and suggest a course of action.
- Implement communication protection between client and web application server using standardized tokens, including token refreshes.
- Detect the need for, and use, injection attack prevention techniques to implement protection mechanisms on the web application to prevent this type of attack.
- Detect the need for, and implement, safeguards to prevent potential attacks arising from insecure deserialization.
- Use best practices to implement user authorization to prevent unauthorized access to confidential data.