-
Presentation
This CU teaches secure programming and how to detect vulnerabilities in software code.
-
Class from course
-
Degree | Semesters | ECTS
Master Degree | Semestral | 7
-
Year | Nature | Language
2 | Mandatory | Portuguese
-
Code
ULHT457-1-25060
-
Prerequisites and corequisites
Not applicable
-
Professional Internship
No
-
Syllabus
PC1. Vulnerability identification and classification. Common Weakness Enumeration (CWE) classification
PC2. Secure programming techniques and common vulnerabilities. Input and output validation, buffer overflows, client-state manipulation, SQL injection, cross-domain security
PC3. Risk management frameworks and processes
PC4. Code review using static analysis tools
PC5. Architectural risk analysis
PC6. Penetration testing
PC7. Security testing
PC8. SDLC
PC9. Cloud security
-
Objectives
The key objectives of this module are as follows:
LG1. Learn the principles of secure programming in order to write programs safely and avoid vulnerabilities that can be exploited by attackers.
LG2. Learn the practices of secure programming, including the use of security features provided by libraries, such as authentication and encryption.
LG3. Apply these principles to several programming languages and platforms.
-
Teaching methodologies and assessment
TM1: Expositional: Theoretical exposition according to the syllabus. Assessment with final exam (50%)
TM2: Practical: Hands-on projects with support from the professor. Assessment with a project developed by the student (50%).
Important assessment notes:
- Mandatory minimum score of 10.
- Both components of evaluation are mandatory, regardless of the period when they are made.
-
References
Matt Bishop (2004), Introduction to Computer Security. Addison Wesley Professional.
Anderson, R. (2020). Security engineering: a guide to building dependable distributed systems. John Wiley & Sons.
Gary McGraw. (2006). Software Security: Building Security In. Addison-Wesley Professional.
Correia, M. P., & Sousa, P. J. (2010). Segurança no software. FCA.
Fred Long et al. (2011). The Oracle/CERT Secure Coding Standard for Java. Addison-Wesley Professional. Available online at http://www.cert.org/secure-coding/.
Neil Daswani, Christoph Kern, Anita Kesavan. (2007). Foundations of Security. APRESS Springer Nature.
-
Office Hours
-
Mobility
No