SYLLABUS
University: Technical University of Košice
Faculty: Faculty of Electrical Engineering and Informatics
Department: Department of Computers and Informatics
Course Number: 26001201 | Course Name: Software security
Type, scope and method of learning activities:
Course Type: Lecture, Laboratory exercise
Recommended scope of the course content (in hours):
Full-time study (hours per week): 2,2
Part-time study (hours per semester): 26,26
Study Method: Attendance
Number of credits: 6
Recommended semester of study: WT
Recommended semester | Study programme | Study grade | Study Method
2nd year WT | Cybersecurity (KB_Ing_D_sk) | Master | Attendance
2nd year WT | Informatics (INF_Ing_D_sk) | Master | Attendance
2nd year WT | Informatics (INF_Ing_D_en) | Master | Attendance
Level of study:
Prerequisites:
Course completion requirements:
Assessment and completion of the course: Credit test and examination
Continuous assessment: The student passes the continuous assessment and receives credits by obtaining at least 21% out of 40%. Credit test
Final assessment: The student passes the final assessment and the examination by obtaining at least 31% out of 60%. Examination
Overall assessment: The overall assessment is the sum of the assessments obtained by the student in the assessment period. The overall result is determined in accordance with the internal regulations of the Technical University of Košice. (Study Regulations, the internal regulation principles of doctoral studies)
Learning outcomes: The course aims to familiarize students with the principles and practices of secure programming. Secure programming means creating secure software without vulnerabilities that attackers could exploit. The outcome is the ability to apply the security features that libraries provide, such as authentication, encryption, and others.
Brief course content:
1. Principles of secure programming
2. Defensive programming
3. Input checking, data validation
4. Buffer overflow
5. Race conditions
6. Static and dynamic analysis
7. Security of sensitive data
8. Selection of programming language
9. Testing
10. SDLC and security
Recommended Reference Sources:
1. J. Viega and G. McGraw. Building Secure Software: How to Avoid Security Problems the Right Way. Addison-Wesley, 2001.
2. M. Howard and D. LeBlanc. Writing Secure Code. Microsoft Press, second edition, 2003.
3. David Basin, Patrick Schaller, Michael Schläpfer. Applied Information Security: A Hands-on Approach. Springer, 2011.
4. Fred Long et al. The Oracle/CERT Secure Coding Standard for Java. Addison-Wesley, 2011. Available online at http://www.cert.org/secure-coding/.
5. B. Chess and J. West. Secure Programming with Static Analysis. Addison-Wesley, 2007.
6. The OWASP web application security project: https://www.owasp.org/.
Recommended optional program components:
Languages required for the course completion:
Notes:
Course assessment: Total number of students assessed: 0
A | B | C | D | E | FX
0% | 0% | 0% | 0% | 0% | 0%
Teacher: doc. Ing. Martin Chovanec, PhD.; doc. Ing. Branislav Madoš, PhD.
Last modified: 01.09.2022
Approved by: person(s) responsible for the study program