Course Name | Secure Coding |
Course Code | 23CSE333 |
Program | B. Tech. in Computer Science and Engineering (CSE) |
Credits | 3 |
Campus | Amritapuri, Coimbatore, Bengaluru, Amaravati, Chennai |
Introduction to Secure Coding Practices – Importance of secure coding in software development – Common software vulnerabilities and their impact, Secure coding principles and best practices, Overview of secure coding frameworks and guidelines.
Input Validation and Data Sanitization – Importance of input validation in preventing injection attacks – Techniques for input validation and data sanitization – Handling user-controlled input securely – Protecting against SQL injection, XSS, and other injection attacks.
Authentication and Authorization – Secure authentication principles and mechanisms – Implementing secure password management – Multi-factor authentication techniques – Role-based access control and authorization.
Session Management – Importance of secure session management – Techniques for secure session handling – Preventing session hijacking and fixation attacks – Implementing session timeouts and secure logout mechanisms.
Error Handling and Logging – Importance of error handling and logging in secure coding – Secure error message handling – Implementing effective logging and auditing mechanisms.
Secure Coding Frameworks and Tools – Overview of secure coding frameworks and libraries – Utilizing secure coding tools and static code analysis – Secure coding practices for different programming languages – Secure software development lifecycle (SSDLC).
Course Objectives
The objective of this course is to provide students with a foundational understanding of secure coding practices and principles, and to equip them with the knowledge and skills necessary to develop and implement secure software applications. Through a combination of lectures, discussions, and hands-on exercises, students will gain an understanding of common software vulnerabilities and their impact and will learn how to apply secure coding principles and best practices to prevent security breaches. Students will also learn how to develop and implement effective input validation and data sanitization techniques, secure authentication and authorization mechanisms, secure session management techniques, and secure error handling and logging mechanisms. Finally, students will learn about secure coding frameworks and tools, and will be able to evaluate and apply secure coding guidelines and frameworks to ensure the security of their software applications.
Course Outcomes
CO1: Identify and prevent common software vulnerabilities through the application of secure coding principles and best practices.
CO2: Apply input validation and data sanitization techniques to protect against injection attacks such as SQL injection and XSS.
CO3: Employ secure authentication and authorization mechanisms, including secure password management and multi-factor authentication for web applications.
CO4: Apply secure session management techniques to prevent session hijacking and fixation attacks.
CO5: Analyze and apply secure coding guidelines and frameworks to ensure the security of software applications.
CO-PO Mapping
| CO vs. PO/PSO | PO1 | PO2 | PO3 | PO4 | PO5 | PO6 | PO7 | PO8 | PO9 | PO10 | PO11 | PO12 | PSO1 | PSO2 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CO1 | 3 | 3 | 2 | 2 | 1 | 3 | 3 | 2 | | | | | | |
| CO2 | 3 | 2 | 3 | 2 | 2 | 3 | 3 | | | | | | | |
| CO3 | 3 | 2 | 3 | 2 | 2 | 3 | 3 | | | | | | | |
| CO4 | 3 | 2 | 3 | 2 | 2 | 3 | 3 | | | | | | | |
| CO5 | 2 | 3 | 2 | 2 | 1 | 3 | 3 | 2 | | | | | | |
Evaluation Pattern: 70:30
| Assessment | Internal | End Semester |
|---|---|---|
| Midterm | 20 | |
| *Continuous Assessment Theory (CAT) | 10 | |
| *Continuous Assessment Lab (CAL) | 40 | |
| **End Semester | | 30 (50 marks; 2-hour exam) |
* CAT – can be quizzes, assignments, and reports
* CAL – can be lab assessments, projects, and reports
** End Semester can be a theory examination / lab-based examination / project presentation
Textbook(s)
Dafydd Stuttard and Marcus Pinto, “The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws”, 2nd edition, Wiley, 2011.
Andrew Hoffman, “Web Application Security: Exploitation and Countermeasures for Modern Web Applications”, O’Reilly, 2020.
Michael Howard and David LeBlanc, “Writing Secure Code”, 2nd edition, Microsoft Press, 2003.
Reference(s)
N. R. Mead, J. H. Allen, S. Barnum, R. J. Ellison, and G. R. McGraw, “Software Security Engineering: A Guide for Project Managers”, Addison-Wesley Professional, 2004.