CCOG for CIS 234R Fall 2024


Course Number:
CIS 234R
Course Title:
Secure Coding
Credit Hours:
4
Lecture Hours:
30
Lecture/Lab Hours:
0
Lab Hours:
30

Course Description

Covers security vulnerabilities and risks in software, including common weaknesses exploited by attackers. Introduces techniques for finding vulnerabilities in software. Covers secure coding practices for mitigating vulnerabilities and writing robust and secure code. Recommended: CIS 140L. Audit available. Prerequisites: (CIS 233J or CIS 233N or CIS 233W or CIS 233Y or CIS 295N or CIS 295P or CS 162) or instructor permission.

Intended Outcomes for the course

Upon successful completion of the course students should be able to:

1. Describe various vulnerabilities and risks in software.

2. Demonstrate techniques including testing and static code analysis to find vulnerabilities in software.

3. Apply secure coding practices to mitigate vulnerabilities in software.

4. Write code that is robust and secure.

Course Activities and Design

This course will be presented by means of lecture and lab.

Outcome Assessment Strategies

Students will be assessed on their mastery of the course learning outcomes via the following instruments:

  • Written and/or oral reports
  • Documented source code
  • Executable software applications

Course Content (Themes, Concepts, Issues and Skills)

Outcome: Describe various vulnerabilities and risks in software

  • Threats and risk analysis
  • Injection vulnerabilities
  • Memory-based vulnerabilities
  • Number and data type vulnerabilities
  • Broken authentication
  • Data leakage
  • Serialization and deserialization vulnerabilities
  • Risks in using APIs
  • Platform-specific vulnerabilities
  • Common Weakness Enumeration (CWE)
  • OWASP Top 10

Outcome: Use techniques including testing and static code analysis to find vulnerabilities in software

  • Software quality assurance
  • Code reviews
  • Testing strategies
  • Static code analysis tools

Outcome: Apply secure coding practices to mitigate vulnerabilities in software

  • Secure SDLC
  • Secure design
  • Input validation and sanitization
  • Parameter binding for database communication
  • Protecting memory
  • Number and data type handling
  • Exception handling
  • Encapsulation
  • Secure inheritance
  • Secure serialization and deserialization
  • Using APIs securely

Outcome: Write code that is robust and secure

  • Software security principles
  • Ethical behavior in software development
  • Secure coding standards, such as CERT
  • Secure database application coding
  • Authentication
  • Use of cryptography
  • Secure storage and transmission of user account information