About the Course:
The course presents the challenges and mechanisms involved in developing safe and secure software. Its main focus is to provide insight into software vulnerabilities, their consequences when exploited, and the procedures for hardening a system against those attacks.
Course Objectives:
Apply and manage secure software development process.
Gain a good comprehension of the landscape of Operating system vulnerabilities.
Gain the ability to analyse secure coding practices and advocate for the significance of vulnerabilities.
Learn representative tools for web application security analysis.
Realize the capabilities and limitations by threat modelling and understand the best testing practices.
Course Outcomes:
At the end of the course, the student will be able to
Apply a strategy to design software with security.
Understand the vulnerabilities of commonly used Operating Systems and browsers.
Comprehend the security limitations of C programming language.
Analyse various threats and privacy issues involved in web application development and apply mitigation approaches to avoid them.
Inspect various security testing strategies and apply penetration testing to understand the intrusion resiliency.
Pre-requisite: UE21CS505-CyberSecurity Essentials
Course Content:
Unit 1:
Introduction - 12 Hours
Recent Software threats and Vulnerabilities referenced on Security Standards Organizations. The CIA Triad - Core Security Principles, Security Concepts and Relationships, developing secure software: Use cases and Misuse cases, Secure Software Development Life Cycle, Program Memory Layout, Software Debugger (GDB), Code Disassembly (objdump), Memory analysis using Valgrind
Unit 2:
Privilege Escalation attacks - 12 Hours
Set-UID programs and environment variables, Shellshock attack program. Buffer Overflow: Vulnerable code, Stack and Function Invocation, Challenges in exploitation, Shellcode, Countermeasures, Function Prologue and Epilogue; Format String Vulnerability: Functions with a variable number of arguments, Exploiting format strings and Mitigation approaches
Unit 3:
Malware and Threat Modelling - 10 Hours
Review of Threat Modelling techniques, Applying STRIDE threat modelling technique, Privacy threats, Taxonomy of Privacy, privacy tools, processing threats, defensive tactics and technologies. EOP card game, Malware: AbraWorm, Stuxnet worm and Morris Worm
Unit 4:
Web Application Security - 12 Hours
Security Issues and Challenges in browser and web applications, SQL Injection: Basic Structure of Web Traffic, Relational Database Elements, Interacting with Database in Web Application, Launching SQL Injection Attacks, Cross-Site Request Forgery Attacks on HTTP GET / POST Services, Cross-Site Scripting Attack, HTTP Security: MITM attack
Unit 5:
Security Testing - 10 Hours
Static analysis, Penetration testing - Benefits and Drawbacks, Pen testing tools review, Network probing using nmap and Metasploit framework; Ethical Hacking, Fuzzing, A case study and practical study on exploiting the vulnerability and penetrating the system
Textbooks:
“Computer Security: A Hands-on Approach”, Wenliang Du, 1st Edition, CreateSpace, 2019
Reference Books:
“Computer Security – Principles and Practice”, William Stallings and Lawrie Brown, 4th Edition, Pearson, 2018
Tools & Languages:
Claynet and Wireshark