CCOG for CIS 234R Winter 2025
- Course Number:
- CIS 234R
- Course Title:
- Secure Coding
- Credit Hours:
- 4
- Lecture Hours:
- 30
- Lecture/Lab Hours:
- 0
- Lab Hours:
- 30
Course Description
Intended Outcomes for the course
Upon successful completion of the course students should be able to:
1. Describe various vulnerabilities and risks in software.
2. Demonstrate techniques including testing and static code analysis to find vulnerabilities in software.
3. Apply secure coding practices to mitigate vulnerabilities in software.
4. Write code that is robust and secure.
Course Activities and Design
This course will be presented by means of lecture and lab.
Outcome Assessment Strategies
Students will be assessed on their mastery of the course learning outcomes via the following instruments:
- Written and/or oral reports
- Documented source code
- Executable software applications
Course Content (Themes, Concepts, Issues and Skills)
Outcome: Describe various vulnerabilities and risks in software
- Threats and risk analysis
- Injection vulnerabilities
- Memory-based vulnerabilities
- Number and data type vulnerabilities
- Broken authentication
- Data leakage
- Serialization and deserialization vulnerabilities
- Risks in using APIs
- Platform-specific vulnerabilities
- Common Weakness Enumeration (CWE)
- OWASP Top 10
Outcome: Use techniques including testing and static code analysis to find vulnerabilities in software
- Software quality assurance
- Code reviews
- Testing strategies
- Static code analysis tools
Outcome: Apply secure coding practices to mitigate vulnerabilities in software
- Secure SDLC
- Secure design
- Input validation and sanitization
- Parameter binding for database communication
- Protecting memory
- Number and data type handling
- Exception handling
- Encapsulation
- Secure inheritance
- Secure serialization and deserialization
- Using APIs securely
Outcome: Write code that is robust and secure
- Software security principles
- Ethical behavior in software development
- Secure coding standards, such as CERT
- Secure database application coding
- Authentication
- Use of cryptography
- Secure storage and transmission of user account information