top of page

Software Security

Course Code:

Course Credits:

4

Program:

Details:

Executive M.Tech

About the Course:

The course presents the challenges and mechanisms to develop safe and secure software. The main focus of the course is to provide an insight of the software vulnerabilities, its consequences during exploitation and the procedure to harden the system against those attacks.

Course Objectives:

  • Apply and manage secure software development process.

  • Gain a good comprehension of the landscape of Operating system vulnerabilities.

  • Gain the ability to analyse the secure coding practises and advocate about the significance of vulnerabilities.

  • Learn representative tools for web application security analysis.

  • Realize the capabilities and limitations by threat modelling and understand the best testing practices.

Course Outcomes:

At the end of the course, the student will be able to

  • Apply a strategy to design software with security.

  • Understand the vulnerabilities of commonly used Operating Systems and browsers.

  • Comprehend the security limitations of C programming language.

  • Analyses various threats and privacy issues involved in we application development and apply mitigation approaches to avoid them.

  • Inspect various security testing strategies and apply penetration testing to understand the intrusion resiliency.

Pre-requisite:UE21CS505-CyberSecurity Essentials

Course Content:

Unit 1:

Introduction - 12 Hours

Recent Software threats and Vulnerabilities referenced on Security Standards Organizations. The CIA Triad - Core Security Principles, Security Concepts and Relationships, developing secure software: Use cases and Misuse cases, Secure Software Development Life Cycle, Program Memory Layout, Software Debugger (GDB), Code Disassembly (objdump), Memory analysis using Valgrind

Unit 2:

Privilege Escalation attacks - 12 Hours

Set UID program and environment variable, Shell shock attack program. Buffer Overflow: Vulnerable code, Stack and Function Invocation, Challenges in exploitation, Shellcode, Countermeasures, Function Prologue and Epilogue; Format String Vulnerability: Functions with Variable number of arguments, Exploiting format string and Mitigation approaches

Unit 3:

Malware and Threat Modelling - 10 Hours

Review of Threat Modelling techniques, Applying STRIDE threat modelling technique, Privacy threats, Taxonomy Of Privacy, privacy tools, processing threats, defensive tactics and technologies. EOP card game, Malware- AbraWorm, Stuxnet worm and Morris Worm

Unit 4:

Web Application Security - 12 Hours

Security Issues and Challenges in browser and web applications, SQL Injection- Basic Structure of Web Traffic, Relational Database Elements, Interacting with Database in Web Application, Launching SQL Injection Attacks, Cross Site Request Forgery Attacks on HTTP GET / POST Services, Cross-Site Scripting Attack, HTTP Security-MITM attack

Unit 5:

Security Testing - 10 Hours

Static analysis, Penetration testing - Benefits and Drawbacks, Pen testing tools review, Network probing using nmap and Metasploit framework; Ethical Hacking, FUZZING, A case study and practical study on exploiting the vulnerability and penetrating the system

Textbooks:

1: “Computer Security- A Hands on Approach”, Wenliang Du, 1st Edition, Create Space, 2019

Refrence Books:

“Computer Security – Principles and Practice”, William Stallings and Lawrie Brown, 4th Edition, Pearson, 2018

Tools & Languages:

Claynet and Wireshark

Course Content:

bottom of page