Skip to content | Change text size
Handbooks Courses Units
 

FIT3056 - Secure and trusted software systems

6 points, SCA Band 2, 0.125 EFTSL

Undergraduate Faculty of Information Technology

Leader: Phu Dung Le

Offered

Caulfield Second semester 2008 (Day)

Synopsis

Students are introduced to some of the most common security issues involved in the development of software, including secure coding practices, secure database access, secure data communications, security of web applications, use of encryption techniques and security testing. Students are provided with a range of practical exercises to reinforce their skills, including authenticating and authorizing users programmatically, user input validation, developing secure web, mobile/wireless and database applications, encrypting and hashing data programmatically, generating digital signatures programmatically, security testing, designing logging and auditing mechanisms.

Objectives

At the completion of this unit students should have knowledge of the main security concepts and issues involved in the development of software, including:

  1. Software security versus other aspects of computer security;
  2. Goals of secure and trusted software;
  3. Vulnerabilities versus threats;
  4. Best software development principles and practices;
  5. Buffer overflows;
  6. Security of programming platforms;
  7. Authentication and authorisation;
  8. Principle of least privilege;
  9. Security features are not equal to secure features; 10. Secure use of encryption;
  10. User input validation;
  11. Reliable software components;
  12. Data privacy;
  13. Auditing and logging;
  14. Security testing.

At the completion of this unit students will acquire an understanding and appreciation of:
  1. the importance of developing secure software in today's electronic world;
  2. They will also learn that security features are not equal to secure features.

In developing secure and trusted software, students will be able to:
  1. Design applications with security in mind
  2. Validate user input;
  3. Implement secure authentication mechanisms;
  4. Authorise user's access to various protected resources;
  5. Encrypt files and hash passwords;
  6. Store session data securely in web applications;
  7. Perform secure database access;
  8. Set up secure transfer of data;
  9. Create security logs;
  10. Test software for security vulnerabilities.

Assessment

Examination (3 hours): 60%
Assignments: 40%

Prerequisites

FIT1019, FIT1002

Prohibitions

CSE3207 (Translation for CSE3207)
[an error occurred while processing this directive]