PTCB3591 Engineering Secure Software Systems Syllabus

PTCB3591 Engineering Secure Software Systems Syllabus:

PTCB3591 Engineering Secure Software Systems Syllabus – Anna University Part time Regulation 2023

COURSE OBJECTIVES:

 Know the importance and need for software security.
 Know about various attacks.
 Learn about secure software design.
 Understand risk management in secure software development.
 Know the working of tools related to software security.

UNIT I NEED OF SOFTWARE SECURITY AND LOW-LEVEL ATTACKS

Software Assurance and Software Security – Threats to software security – Sources of software insecurity – Benefits of Detecting Software Security – Properties of Secure Software – MemoryBased Attacks: Low-Level Attacks Against Heap and Stack – Defense Against Memory-Based Attacks

UNIT II SECURE SOFTWARE DESIGN

Requirements Engineering for secure software – SQUARE process Model – Requirements elicitation and prioritization- Isolating The Effects of Untrusted Executable Content – Stack Inspection – Policy Specification Languages – Vulnerability Trends – Buffer Overflow – Code Injection – Session Hijacking. Secure Design – Threat Modeling and Security Design Principles

UINT III SECURITY RISK MANAGEMENT

Risk Management Life Cycle – Risk Profiling – Risk Exposure Factors – Risk Evaluation and Mitigation – Risk Assessment Techniques – Threat and Vulnerability Management

UNIT IV SECURITY TESTING

Traditional Software Testing – Comparison – Secure Software Development Life Cycle – Risk Based Security Testing – Prioritizing Security Testing With Threat Modeling – Penetration Testing – Planning and Scoping – Enumeration – Remote Exploitation – Web Application Exploitation – Exploits and Client Side Attacks – Post Exploitation – Bypassing Firewalls and Avoiding Detection – Tools for Penetration Testing

UNIT V SECURE PROJECT MANAGEMENT

Governance and security – Adopting an enterprise software security framework – Security and project management – Maturity of Practice

30 PERIODS
PRACTICAL EXERCISES

1. Implement the SQL injection attack.
2. Implement the Buffer Overflow attack.
3. Implement Cross Site Scripting and Prevent XSS.
4. Perform Penetration testing on a web application to gather information about the system, then initiate XSS and SQL injection attacks using tools like Kali Linux.
5. Develop and test the secure test cases
6. Penetration test using kali Linux

30 PERIODS
COURSE OUTCOMES:

Upon completion of the course, the student will be able to
CO1: Identify various vulnerabilities related to memory attacks.
CO2: Apply security principles in software development.
CO3: Evaluate the extent of risks.
CO4: Involve selection of testing techniques related to software security in the testing phase of software development.
CO5: Use tools for securing software.

TOTAL: 60 PERIODS
TEXT BOOKS:

1. Julia H. Allen, “Software Security Engineering”, Pearson Education, 2008
2. Evan Wheeler, “Security Risk Management: Building an Information Security Risk Management Program from the Ground Up”, First edition, Syngress Publishing, 2011
3. Chris Wysopal, Lucas Nelson, Dino Dai Zovi, and Elfriede Dustin, “The Art of Software Security Testing: Identifying Software Security Flaws (Symantec Press)”, Addison-Wesley Professional, 2006

REFERENCES:

1. Robert C. Seacord, “Secure Coding in C and C++ (SEI Series in Software Engineering)”, Addison-Wesley Professional, 2005.
2. Jon Erickson, “Hacking: The Art of Exploitation”, 2nd Edition, No Starch Press, 2008.
3. Mike Shema, “Hacking Web Apps: Detecting and Preventing Web Application Security Problems”, First edition, Syngress Publishing, 2012
4. Bryan Sullivan and Vincent Liu, “Web Application Security, A Beginner’s Guide”, Kindle Edition, McGraw Hill, 2012
5. Lee Allen, “Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide (Open Source: Community Experience Distilled)”, Kindle Edition, Packt Publishing,2012
6. Jason Grembi, “Developing Secure Software”