IY5607 Software Security

Second term, optional module. Available in block mode only during 2011-12.

Module leader

A. Fuchsberger.

Aims

The course will examine the vulnerabilities that exist in computer programs and how the development of type-safe and object-oriented languages has contributed to the improvement of program security. In particular, we will consider the security features of Java and the .NET Framework.

The course will:

  • identify the vulnerabilities that can be introduced into programs through language features and poor programming practice;
  • discuss the generic techniques that can be applied to improve the security of programs and applications;
  • consider the specific support provided for developing secure applications in the .NET Framework and Java.

Objectives

On completion of the module the students should be able to:

  • explain the importance of security in the development of applications, particularly in the context of distributed software and web services;
  • identify poor programming practice;
  • appreciate the support for secure software development that has been made available to programmers in the .NET Framework and Java.

Provisional syllabus

  • Background
  • Vulnerabilities and Attacks
  • Countermeasures
  • Mobile Code
  • Case Study: Java Technology
  • Case Study: The .NET Framework
  • Web Application Programming
  • Web Services Security
  • Deployment and Configuration

Method of examination

Written examination.