Secure Software Development: Principles of Software Security – Proactive Security development process, Secure Software Development Cycle (S-SDLC),A Risk Management Framework – A taxonomy of Coding Errors, Security Methodologies, Security Framework, Security Models

Defensive Coding Practices: Concepts and Techniques : Buffer Overrun, Format String Problems, Integer Overflow, and Injection flaws : SQL Injection, Command Injection, Failure to Handle Errors, Cross Site Scripting, Broken Authentication and Session Management, Magic URLs, Weak Passwords, Failing to Protect Data, Weak random numbers, improper use of

cryptography, Insecure Direct Object References, Insecure De-serialization, Security Misconfiguration, Information Leakage, Race Conditions, Poor Usability, Not Updating Easily, Executing with too much privilege, Failing to protect network traffic, improper use of PKI, trusting network name resolution.

Security code analysis and review: Code review with a tool (fortify, coverty etc), Code analysis Securing Server, Database, Network and their secure configuration, Firewalls. Case Study : Recent Software vulnerabilities due to insecure programming and how to prevent them during design and implementation. Tools : Azure Devops,, Gitlab CI/CD with security features, Jenkins with security plugins, Sonarcube, OWASP dependency Check, PMD.

Pre-Requisite(s): Basic Knowledge of Programming Language (s), Database Management, Network, Server
Course Type: Lab

Course Objectives

• To learn secure programming practices, configuration of various tiers and layers involved in Software Development.
• Build secure software resilient to cyber attacks.

Course Outcomes

CO1: Understand the basics of secure programming.

CO2: Understand the most frequent programming errors leading to software vulnerabilities.

CO3: Identify and analyze security problems in software.

CO4: Understand and protect against security threats and software vulnerabilities.

CO4: Effectively apply their knowledge to the construction of secure software systems.

CO-PO Mapping

1. Paul, M. (2016). Official (ISC) 2 Guide to the CSSLP. CRC Press.
2. Seacord, R. (2013). Secure Coding in C and C++ (2nd Edition). SEI Series in Software Engineering
3. Howard, Michael, David LeBlanc, and John Viega. “24 Deadly Sins of Software Security.” Programming Flaws and How to Fix Them (2010). McGraw-Hill Education
4. Ransome, J., & Misra, A. (2018). Core software security: Security at the source. CRC press.
5. Bishop, M. (2019). Computer Security(2 nd Edition). Addison-Wesley Professional.
6. McGraw, G. (2006). Software security: building security in (Vol. 1). Addison-Wesley Professional
7. John Veiga, Gary Mc Graw, “Building Secure Software: How to Avoid Security Problems the Right Way”, Addison-Wesley Professional Computing Series, 2001
8. Writing Secure Code, Michael Howard and David LeBlanc,Microsoft Press.
9. Buffer Overflow Attacks: Detect, Exploit, Prevent by Jason Deckar,Syngress.
10. Threat Modeling, Frank Swiderski and Window Snyder,Microsoft Professional.