Engineering Secure Software Systems

Uploaded by

yasirabdullah

0B3591 ENGINEERING SECURE SOFTWARE SYSTEMS    L T P C
                                              2 0 2 3

COURSE OBJECTIVES:

• Know the importance and need for software security.
• Know about various attacks.
• Learn about secure software design.
• Understand risk management in secure software development.
• Know the working of tools related to software security.

UNIT I NEED OF SOFTWARE SECURITY AND LOW-LEVEL ATTACKS 6

Software Assurance and Software Security - Threats to software security - Sources of software insecurity - Benefits of Detecting Software Security - Properties of Secure Software - Memory-Based Attacks: Low-Level Attacks Against Heap and Stack - Defense Against Memory-Based Attacks

UNIT II SECURE SOFTWARE DESIGN 7

Requirements Engineering for secure software - SQUARE process Model - Requirements elicitation and prioritization - Isolating The Effects of Untrusted Executable Content - Stack Inspection - Policy Specification Languages - Vulnerability Trends - Buffer Overflow - Code Injection - Session Hijacking. Secure Design - Threat Modeling and Security Design Principles

UNIT III SECURITY RISK MANAGEMENT 5

Risk Management Life Cycle - Risk Profiling - Risk Exposure Factors - Risk Evaluation and Mitigation - Risk Assessment Techniques - Threat and Vulnerability Management

UNIT IV SECURITY TESTING 8

Traditional Software Testing - Comparison - Secure Software Development Life Cycle - Risk Based Security Testing - Prioritizing Security Testing With Threat Modeling - Penetration Testing - Planning and Scoping - Enumeration - Remote Exploitation - Web Application Exploitation - Exploits and Client Side Attacks - Post Exploitation - Bypassing Firewalls and Avoiding Detection - Tools for Penetration Testing

UNIT V SECURE PROJECT MANAGEMENT 4

Governance and security - Adopting an enterprise software security framework - Security and project management - Maturity of Practice

30 PERIODS

PRACTICAL EXERCISES

• Implement the SQL injection attack.
• Implement the Buffer Overflow attack.
• Implement Cross Site Scripting and Prevent XSS.
• Perform Penetration testing on a web application to gather information about the system, then initiate XSS and SQL injection attacks using tools like Kali Linux.
• Develop and test the secure test cases.
• Penetration test using Kali Linux.

30 PERIODS
COURSE OUTCOMES:

Upon completion of the course, the student will be able to
CO1: Identify various vulnerabilities related to memory attacks.
CO2: Apply security principles in software development.
CO3: Evaluate the extent of risks.
CO4: Involve selection of testing techniques related to software security in the testing phase of software development.
CO5: Use tools for securing software.

TOTAL: 60 PERIODS

Textbooks and References


TEXT BOOKS:

1. Julia H. Allen, "Software Security Engineering", Pearson Education, 2008.

2. Evan Wheeler, "Security Risk Management: Building an Information Security Risk Management Program from the Ground Up", First edition, Syngress Publishing, 2014.

3. Chris Wysopal, Lucas Nelson, Dino Dai Zovi, and Elfriede Dustin, "The Art of Software Security Testing: Identifying Software Security Flaws (Symantec Press)", Addison-Wesley Professional, 2006.

REFERENCES:

1. Robert C. Seacord, "Secure Coding in C and C++ (SEI Series in Software Engineering)", Addison-Wesley Professional, 2005.

2. Jon Erickson, "Hacking: The Art of Exploitation", 2nd Edition, No Starch Press, 2008.

3. Mike Shema, "Hacking Web Apps: Detecting and Preventing Web Application Security Problems", First edition, Syngress Publishing, 2012.

4. Bryan Sullivan and Vincent Liu, "Web Application Security, A Beginner's Guide", Kindle Edition, McGraw Hill, 2012.

5. Lee Allen, "Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide (Open Source: Community Experience Distilled)", Kindle Edition, Packt Publishing, 2012.

6. Jason Grembi, “Developing Secure Software
