FIT3056 - Secure and trusted software systems
6 points, SCA Band 2, 0.125 EFTSL
Undergraduate Faculty of Information Technology
Leader(s): Dr Phu Dung Le
Offered
Caulfield Second semester 2009 (Day)
Synopsis
Students are introduced to some of the most common security issues involved in the development of software, including secure coding practices, secure database access, secure data communications, security of web applications, use of encryption techniques and security testing. Students are provided with a range of practical exercises to reinforce their skills, including authenticating and authorizing users programmatically, user input validation, developing secure web, mobile/wireless and database applications, encrypting and hashing data programmatically, generating digital signatures programmatically, security testing, designing logging and auditing mechanisms.
Objectives
At the completion of this unit students should have knowledge of the main security concepts and issues involved in the development of software, including:
- Software security versus other aspects of computer security;
- Goals of secure and trusted software;
- Vulnerabilities versus threats;
- Best software development principles and practices;
- Buffer overflows;
- Security of programming platforms;
- Authentication and authorisation;
- Principle of least privilege;
- Security features are not equal to secure features; 10. Secure use of encryption;
- User input validation;
- Reliable software components;
- Data privacy;
- Auditing and logging;
- Security testing.
At the completion of this unit students will acquire an understanding and appreciation of:
- the importance of developing secure software in today's electronic world;
- They will also learn that security features are not equal to secure features.
In developing secure and trusted software, students will be able to:
- Design applications with security in mind
- Validate user input;
- Implement secure authentication mechanisms;
- Authorise user's access to various protected resources;
- Encrypt files and hash passwords;
- Store session data securely in web applications;
- Perform secure database access;
- Set up secure transfer of data;
- Create security logs;
- Test software for security vulnerabilities.
Assessment
Examination (3 hours): 60%
Assignments: 40%
Contact hours
2 hour lecture/week, 2 hour tutorial/week
Prerequisites
Prohibitions
CSE3207 (Translation for CSE3207)