Course

Syllabus

Balancing security and usability – User authentication mechanisms, Secure browsing, Social media, and data sharing, Countermeasures for possible social engineering attacks in design, Secure interactive design, Access-controlled and clean environment to build software, Target environment hardening and secure application deployment, Threat Modeling – STRIDE. Risk Assessment – DREAD, Attack trees, Security testing: Common Vulnerabilities and Exploits, CVSS scoring, SAST, DAST, IAST, SonarQube, Code smells, Fortify, Fuzzing-AFL. Software security economics – logging/monitoring and operational security aspects, Enhance Detection Engineering with Agile DevSecOps, SOC tech stack, EDR, SOAR, XDR, MDR, Endpoint Security Testing, Snyk, Cluster (Kubernetes), Container (Docker) Security, Software Composition Analysis, Blackduck, OSS licensing models. 

Prerequisite

24CY613 Concepts in System Security

Course Outcome

CO-PO Mapping

1. S. Garfinkel and L. F. Cranor, Security and Usability: Designing Secure Systems That People Can Use , O’Reilly, 2008. 
2. Bird, Jim. “DevOpsSec: Securing software through continuous delivery .” (2016). 
3. Tim Mather, Subra Kumaraswamy, Shahed: Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance, O’Reilly, 2009. 
4. Anderson, Ross J., Security Engineering: A Guide to Building Dependable Distributed Systems, John Wiley & Sons, 2010. 
5. M. Tehranipoor, and C. Wang, Introduction to Hardware Security and Trust , Springer, 2011. 
6. C. W. Axelrod, Engineering Safe and Secure Software Systems , Artech House, 2013. 
7. Antonio Borghesi and Barbara Gaudenzi: Risk Management: How to Assess, Transfer and Communicate Critical Risks , Springer, 2013. 
8. Steve Watkins: An Introduction to Information Security and ISO27001:2013: A Pocket Guide, 2nd Edition, IT Governance Publishing, 2013.