Course detail

Secure Coding

FIT-SCOAcad. year: 2022/2023

Not applicable.

Language of instruction

Czech

Number of ECTS credits

5

Mode of study

Not applicable.

Guarantor

doc. Dr. Ing. Petr Hanáček

Department

Department of Intelligent Systems (UITS)

Learning outcomes of the course unit

Not applicable.

Prerequisites

Not applicable.

Co-requisites

Not applicable.

Planned learning activities and teaching methods

Not applicable.

Assesment methods and criteria linked to learning outcomes

Not applicable.

Course curriculum

Not applicable.

Work placements

Not applicable.

Aims

 

Specification of controlled education, way of implementation and compensation for absences

Not applicable.

Recommended optional programme components

Not applicable.

Prerequisites and corequisites

Not applicable.

Basic literature

Not applicable.

Recommended reading

Fred Long et al. The Oracle/CERT Secure Coding Standard for Java, Addison-Wesley, 2011. Available online at http://www.cert.org/secure-coding/
John Viega, Matt Messier: Secure Programming Cookbook for C and C++, 2003, O'Reilly Media, Inc., ISBN: 9780596003944
Michael Howard, David LeBlanc: Writing Secure Code, Microsoft Press, Second Edition, ISBN-13: 978-0735617223
Michael Howard, Steve Lipner: The Security Development Lifecycle, 2006, Microsoft Press, ISBN: 0735622140
Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF), https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04232020.pdf
Ross Anderson: Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Edition, ISBN: 978-1-119-64281-7
The OWASP web application security project: https://www.owasp.org/

Elearning

eLearning: currently opened course

Classification of course in study plans

  • Programme MITAI Master's

    specialization NADE , 0 year of study, winter semester, elective
    specialization NBIO , 0 year of study, winter semester, elective
    specialization NCPS , 0 year of study, winter semester, elective
    specialization NEMB , 0 year of study, winter semester, elective
    specialization NGRI , 0 year of study, winter semester, elective
    specialization NHPC , 0 year of study, winter semester, elective
    specialization NIDE , 0 year of study, winter semester, elective
    specialization NISD , 0 year of study, winter semester, elective
    specialization NISY , 0 year of study, winter semester, elective
    specialization NISY up to 2020/21 , 0 year of study, winter semester, elective
    specialization NMAL , 0 year of study, winter semester, elective
    specialization NMAT , 0 year of study, winter semester, elective
    specialization NNET , 0 year of study, winter semester, elective
    specialization NSEC , 0 year of study, winter semester, elective
    specialization NSEN , 0 year of study, winter semester, elective
    specialization NSPE , 0 year of study, winter semester, elective
    specialization NVER , 0 year of study, winter semester, elective
    specialization NVIZ , 0 year of study, winter semester, elective
    specialization NEMB up to 2021/22 , 0 year of study, winter semester, elective

Type of course unit

 

Lecture

26 hod., optionally

Teacher / Lecturer

doc. Dr. Ing. Petr Hanáček
doc. Dr. Ing. Dušan Kolář
Mgr. Kamil Malinka, Ph.D.

Syllabus

  1. Úvod, rekapitulace pojmů (robustní kód, bezpečný kód, samo se chránící kód, reentrantní kód, intermediární kód, binární kód, binární kód pro VM, role OS, role VM, ...). (DK)
  2. Cíle útočníků, únik z pískovište, elevace privilegií, cesta od zranitelnosti k exploitu, CVE. (HaP)
  3. Základní zranitelnosti kompilovaných jazyků - buffer overflow, řetězce, integer overflow. (HaP)
  4. Mechanismy ochrany paměti, ochrana zásobníku, Return oriented programming, ASLR. Základní zranitelnosti interpretovaných jazyků - práce s pamětí, use after free. (HaP)
  5. Usable security a vliv UX na bezpečnost celého systému. Bezpečnost implementace protokolů, IoT, bezpečnost API. (KM)
  6. Validace vstupních hodnot, testování, fuzzing. (DK)
  7. Statická a dynamická analýza. (DK)
  8. Standardy pro bezpečné kódování, OWASP, SSDF. (KM)
  9. Bezpečné generování náhodných čísel. (HaP)
  10. Seminář - Útok na javascript a jak se tomu bránit. (DK, KM)
  11. Seminář - Útok na Java a jak se tomu bránit. (DK, KM)
  12. Seminář - Útoky na binárku a jak se tomu bránit. (DK, KM)
  13. Seminář - Demonstrace zajímavých projektů, řešení. (KM)

Project

26 hod., optionally

Teacher / Lecturer

doc. Dr. Ing. Dušan Kolář
Mgr. Kamil Malinka, Ph.D.

Syllabus

Samostatně řešené projekty.

Elearning

eLearning: currently opened course