Software Security: Practical Defensive Strategies
Warren T. Jones, Ph.D., P.E.
Course Outline
It is common knowledge that security is one of the most important issues in the computer field today.
What is not apparent to many is that the security challenges today are frequently
software problems. The weak points are the applications at the ends of the communications
link and therefore represent the points of greatest vulnerability to attack.
The purpose of this course is to present recommended approaches to software
security including threat modeling, programming language security in C/C++,
Java and Perl and activities for each stage of the software development life
cycle. Smart card security and security certification for IT products are also
discussed.
This course includes a multiple-choice quiz at the end, which is designed to
enhance the understanding of the course materials.
Learning Objective
At the conclusion of this three-hour course, the student will learn:
Intended Audience
This course is intended for all engineers.
Course Content
The course content is in a PDF file (762 K): Software Security: Practical Defensive Strategies. You need to open or download the above document to study this course.
Table of Contents
Module #1: Introduction and Definitions
Module #2: Approaches to the Security Problem
Module #3: Principles for Software Security
Module #4: Threat Modeling
Module #5: C/C++ Security
Module #6: Java Security
Module #7: Perl Security
Module #8: Common Criteria
Web Resources
Textbook and Other Resources
Course Summary
This course presents an introduction to software security with the objective of providing practical
strategies for addressing security challenges. The risks of the popular "penetrate
and patch" approach to software security along with the advantages of the
recommended approach of integrating security considerations into the software
development life cycle are discussed. Tools and techniques are presented that
can enhance security at each stage of the life cycle as well as general principles
for more secure design. Specific practices are recommended for programming in
C/C++, Java and Perl. Security issues of smart cards and the certification of
IT products are also discussed. Additional book and web resources are given
for a more in-depth follow-up study.
Quiz
Once you finish studying the above course content, you need to take a quiz to obtain the PDH credits.