Course detail
Secure Coding
FIT-SCO
Acad. year: 2022/2023
Not applicable.
Language of instruction
Number of ECTS credits
Mode of study
Guarantor
Department
Learning outcomes of the course unit
Prerequisites
Co-requisites
Planned learning activities and teaching methods
Assessment methods and criteria linked to learning outcomes
Course curriculum
Work placements
Aims
Specification of controlled education, way of implementation and compensation for absences
Recommended optional programme components
Prerequisites and corequisites
Basic literature
Recommended reading
John Viega, Matt Messier: Secure Programming Cookbook for C and C++, 2003, O'Reilly Media, Inc., ISBN: 9780596003944
Michael Howard, David LeBlanc: Writing Secure Code, Microsoft Press, Second Edition, ISBN-13: 978-0735617223
Michael Howard, Steve Lipner: The Security Development Lifecycle, 2006, Microsoft Press, ISBN: 0735622140
Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF), https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04232020.pdf
Ross Anderson: Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Edition, ISBN: 978-1-119-64281-7
The OWASP web application security project: https://www.owasp.org/
Elearning
Classification of course in study plans
- Programme MITAI Master's
specialization NADE, 0 year of study, winter semester, elective
specialization NBIO, 0 year of study, winter semester, elective
specialization NCPS, 0 year of study, winter semester, elective
specialization NEMB, 0 year of study, winter semester, elective
specialization NGRI, 0 year of study, winter semester, elective
specialization NHPC, 0 year of study, winter semester, elective
specialization NIDE, 0 year of study, winter semester, elective
specialization NISD, 0 year of study, winter semester, elective
specialization NISY, 0 year of study, winter semester, elective
specialization NISY up to 2020/21, 0 year of study, winter semester, elective
specialization NMAL, 0 year of study, winter semester, elective
specialization NMAT, 0 year of study, winter semester, elective
specialization NNET, 0 year of study, winter semester, elective
specialization NSEC, 0 year of study, winter semester, elective
specialization NSEN, 0 year of study, winter semester, elective
specialization NSPE, 0 year of study, winter semester, elective
specialization NVER, 0 year of study, winter semester, elective
specialization NVIZ, 0 year of study, winter semester, elective
specialization NEMB up to 2021/22, 0 year of study, winter semester, elective
Type of course unit
Lecture
Teacher / Lecturer
Syllabus
- Introduction, recap of terms (robust code, secure code, self-protecting code, reentrant code, intermediate code, binary code, binary code for a VM, the role of the OS, the role of the VM, ...). (DK)
- Attackers' goals, sandbox escape, privilege escalation, the path from vulnerability to exploit, CVE. (HaP)
- Basic vulnerabilities of compiled languages - buffer overflow, strings, integer overflow. (HaP)
- Memory protection mechanisms, stack protection, return-oriented programming, ASLR. Basic vulnerabilities of interpreted languages - memory handling, use after free. (HaP)
- Usable security and the impact of UX on the security of the whole system. Security of protocol implementations, IoT, API security. (KM)
- Input validation, testing, fuzzing. (DK)
- Static and dynamic analysis. (DK)
- Secure coding standards, OWASP, SSDF. (KM)
- Secure random number generation. (HaP)
- Seminar - Attack on JavaScript and how to defend against it. (DK, KM)
- Seminar - Attack on Java and how to defend against it. (DK, KM)
- Seminar - Attacks on a binary and how to defend against them. (DK, KM)
- Seminar - Demonstration of interesting projects and solutions. (KM)
Project
Teacher / Lecturer
Syllabus
Elearning