At the end of the course, the student
- Will understand the basics terms and mechanisms of secure software development and potential attacks against vulnerable programs.
- Will be able to write code in low and high level programming languages using methods from secure software development.
- Will be able to analyse programs written in high and low level programming languages for potential security vulnerabilities using methods from static and dynamic analysis and implement countermeasures against those vulnerabilities.
- Will be able to apply the skills in a modern software development environment.
The course studies the nature of security vulnerabilities in software systems, the techniques to detect and prevent these problems by proper programming and programming languages, and their embedding in a security-aware software development process.
• Software Security Vulnerabilities (buffer and integer overflows, exploitation techniques, code injection (SQL, XSS), race conditions, information exposure);
• Principles of Secure Programming (coding standards for secure defaults & failures, least privilege, preventing injection attacks by input validation and output sanitization);
• Language-Based Security (memory & type safety, access control, static and dynamic semantics, type soundness);
• Static Analysis Techniques (control, data & information flow analysis).
• Dynamic Analysis Techniques (runtime monitoring, fuzzing and penetration testing)
• Integrating security analysis tools in a modern software development environment (DevOps, DevSecOps, security pipelines)