Secure coding
- Class 15
- Practice 30
- Independent work 105
Course title
Secure coding
Lecture type
Obligatory
Course code
23-02-510
Semester
2
ECTS
5
Lecturers and associates
Course overview
This module introduces students to common security vulnerabilities and issues and teaches them how to write secure code that minimizes possible attack vectors.
This module is intended for students who already know how to write code and are interested in learning about security challenges and how to mitigate them by writing a more secure code. Skills learnt in this module will contribute significantly to students’ development as professionals in respecting fields.
Students will learn:
• About security vulnerabilities and security threats.
• How to do static code analysis with current tools in order to detect issues.
• How to secure communication between client and web application server.
• About injection attack prevention techniques.
• About safeguards to prevent potential attacks arising from unsecure deserialization.
• About user authentication methods to prevent unauthorized access to confidential data.
The module is taught in Java programming language. The module assessment is based on solving a series of smaller practical tasks and on individual student projects. In these projects, students must create secure applications to the given specifications.
Literature
Essential reading:
1. Long, F. et al (2013) Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs. 1st edn. Boston: Addison-Wesley Professional.
Recommended reading:
1. Long, F. et al (2011) CERT Oracle Secure Coding Standard for Java. 1st edn. Boston: Addison-Wesley Professional.
Professional Master in Computer Engineering
Professional Master in Computer Engineering
Minimal learning outcomes
- Analyse security vulnerabilities and threats to existing software solutions using dedicated tools.
- Using a static code analysis tool to detect problems and generate a report on them.
- Implement communication protection between client and web application server using standardized tokens.
- Use injection attack prevention techniques to implement protection mechanisms on the web application to prevent this type of attack.
- Implement safeguards to prevent potential attacks arising from unsecure deserialization.
- Use best practices to implement user authentication to prevent unauthorized access to confidential data.
Preferred learning outcomes
- Analyse security vulnerabilities and threats to existing client-server software solutions using dedicated tools.
- Using a static code analysis tool to detect problems, generate a report on them and suggest course of actions.
- Implement communication protection between client and web application server using standardized tokens, including token refreshes.
- Detect the need and use injection attack prevention techniques to implement protection mechanisms on the web application to prevent this type of attack.
- Detect the need and implement safeguards to prevent potential attacks arising from unsecure deserialization.
- Use best practices to implement user authorization to prevent unauthorized access to confidential data.