This course equips students with the knowledge and skills needed to build software that is difficult to exploit. It covers the technical aspects of secure coding with additional focus on the software designprocess to ensure that security is part and parcel of the design rather than an afterthought. Topics covered in this course include: an introduction to cryptography; understanding current and emerging threats; securing the network, operating system and database environments; vulnerability mapping and incorporating security into the software development process. This course is a prerequisite for students who are desirous of becoming IT security consultants, secure software developers or IT security auditors. Face-to-face lecturers, online presentations, hands-on lab sessions, and in-class discussions will be used in the delivery of the course material.
On successful completion of this course, students will be able to:
· Identify threats to the software, network, operating system and database environments
· Identify mitigation techniques
· Identify how security affects the software design process
· Apply common techniques for improving system security
· Apply disaster and recovery techniques to operating systems
· Apply a security approach to database management
· Analyse weaknesses in existing systems
· Design an investigation into the programming languages used in the system
· Develop a secure system
· Evaluate the elements of the requirements document that assert security.
IT managers; IT team leaders; Application developers; Web Application Developers; Network Administrators; Systems Administrators; Software Quality Assurance Analysts; Application Security Analysts; Computer Science/ IT graduates interested in a career in software and system security
The following topics/concepts/theories/issues will be addressed:
· Current and emerging threats
· The network environment o Cryptography o Secrecy o Types of network attacks
· The operating system environment o Threats o Defense tactics o Auditing and monitoring o Remote access security o Backup and redundancy o Business application · The database environment o Conceptual, logical and physical design
· Programming language vulnerabilities and assessment
· Security requirements planning
· Vulnerability mapping
· Architecture security decisions
· Application review and testing
· Integrating security with the software development process
· Secure data management
· Web application threats
There are no specific requirements to be eligible to enroll is this course.
This course will be delivered using a combination of interactive lectures, online and face-to-face discussions and laboratories. Students are required to read preparatory material and complete assigned homework given by the lecturer and be prepared to participate in discussions. Laboratory sessions will be used to provide hands-on experiences in secure software design. Students are expected to prepare assigned programming and developmental exercises prior to arriving at the laboratory.
Credit Hours Five (5) hours of lectures and two (2) hours of labs each week for six (6) weeks.
Dr. C. Gittens (Coordinator)
