Objectives and outcomes
Introduction to the basics of software security, the most common problems in the field of software
security and ways to solve them. Upon completion of the course, students will have a deeper
understanding of the meaning and basic concepts of software security and will be able to identify the
most common vulnerabilities in software security and devise a strategy to avoid or eliminate such
vulnerabilities.
Lectures
The role of security in software engineering. Software security problem. Reasons for software security
vulnerabilities. The most common examples of software vulnerabilities, examples of program
codes and ways to solve vulnerabilities (buffer overflow, falling out of the range of possible
values, SQL injection, inserting a script into a web page). Failures in online flow monitoring and web
application security. Session security. Session security techniques. Secure data storage and
transmission. Categorisation of software security problems (CWE – Common Weakness Enumeration).
Characteristics of programming languages, technologies and operating systems from the aspect of
software security. Software security verification procedures. Safety testing (fuzzing).
Practical classes
Examples of program code in which there is a problem of buffer overflow or out -of- range value.
Exercises for correcting program code in order to avoid the mentioned security problems. Illustration of
SQL injection problems. Exercise implementation of techniques for overcoming SQL injection problems.
Implementing secure session execution. A case study of the security check of a desktop application that
uses a database. A case study of the security check of a web application that uses a database.
Exercising writing and performing software security tests.