An advanced topics on developing secure computer systems. Security services, Security models: determining security requirements; designing secure software architecture; and verifying security requirements. Secure coding principles, practices, and methods including least privilege, threat modelling, and static analysis. Covers common vulnerabilities such as buffer overruns, integer overflows, injection attacks, cross-site scripting, and weak error handling in detail. Hacking techniques and attack types; public and private key encryption; Authentication; Digital signature; User identification and access control. Internet security: security protocols, email and web security; security technologies and tools such as: Firewalls, IDS and IPS.
The course aims to provide students with advanced understanding of the importance of security throughout the software development process, and apply various methods and techniques for vulnerabilities detection through team project work and research investigation.