Objectives and outcomes
An introduction to the basics of software security, the most common problems in the field, and ways to solve them. Upon completion of the course, students have a basic knowledge of computer system security technologies such as symmetric encryption algorithms, digital signatures and PK systems. They are aware of the necessity of creating security policies within computer systems. They understand the importance and basic concepts of software security, recognise the most common software security flaws, and can devise a strategy to avoid or eliminate such flaws.
Lectures
The assessment and treatment of security risks. Security policy. Physical security. Potential attacks. Possible ways of defense. Protection technologies. Protection protocols. Protection at the application, transport and network layers of computer networks. Network barriers and network intrusion protection systems. Software and hardware protection solutions. Software security issues. Reasons for software security breaches. The most common examples of vulnerabilities in software security, with examples of program code and ways to fix the vulnerabilities (buffer overflow, values falling outside the permitted range, SQL injection, inserting a script into a web page). Web application security mistakes. Session security. Session security techniques. Secure data storage and transmission. Categorization of software security problems (CWE – Common Weakness Enumeration). Characteristics of programming languages, technologies and operating systems from the aspect of software security. Software security verification procedures. Safety testing (fuzzing).
Practical classes
Configuration of basic network protocols and security software. Open-source vulnerability assessment tools. Analysis of popular vulnerability databases and of an exploit. Examples of code that has buffer overflow or out-of-range problems. Exercises in fixing program code to avoid security problems. An illustration of the SQL injection problem. Practice implementing techniques to overcome SQL injection problems. The implementation of secure session handling. A case study of security testing of one desktop application and one web application that uses a database. Practice writing and performing software security tests.