Course Information
Semester  Course Unit Code  Course Unit Title  T+P+L  Credit  Number of ECTS Credits  Last Updated Date
1  BBM461  SECURE PROGRAMMING  3+0+0  3  6  06.09.2024

 
Course Details
Language of Instruction English
Level of Course Unit Bachelor's Degree
Department / Program COMPUTER ENGINEERING
Type of Program Formal Education
Type of Course Unit Elective
Course Delivery Method Face To Face
Objectives of the Course To teach general security flaws seen in programs and secure programming approaches.
Course Content Basic program security principles, Shell and operating system based threats, Overflow attacks, Input attacks, Web security, Security frameworks, Code analysis and code security tests
Course Methods and Techniques Lecture, Discussion, Question and Answer, Problem Solving, Experiment
Prerequisites and co-requisites ( BBM104 ) and ( BBM102 ) and ( BBM459 )
Course Coordinator None
Name of Lecturers Prof. Dr. Suat Özdemir
Assistants None
Work Placement(s) No

Recommended or Required Reading
Resources
1. Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Edward Skoudis, Tom Liston, Prentice Hall
2. Hacking Exposed 7: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray, George Kurtz, McGraw-Hill Osborne Media
3. Secure Coding: Principles and Practices, Mark G. Graff, Kenneth R. Van Wyk, O'Reilly Media
4. Software Security: Building Security, Gary McGraw, Addison-Wesley
5. Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World, Michael Howard, David LeBlanc, 2nd Edition, Microsoft Press
6. Foundations of Security: What Every Programmer Needs To Know, Neil Daswani, Christoph Kern, and Anita Kesavan
7. Security in Computing, C. P. Pfleeger and S. L. Pfleeger, Prentice Hall
Course Notes “Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World”, Michael Howard, David LeBlanc, 2nd Edition, Microsoft Press

“Secure Coding: Principles and Practices”, Mark G. Graff, Kenneth R. Van Wyk, O'Reilly Media

“Software Security: Building Security”, Gary McGraw, Addison-Wesley

“Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation”, John Viega, Matt Messier, O'Reilly Media

“Secure Coding in C and C++”, Robert C. Seacord, Addison-Wesley Professional


Planned Learning Activities and Teaching Methods
Activities are given in detail in the section of "Assessment Methods and Criteria" and "Workload Calculation"

Assessment Methods and Criteria
In-Term Studies Quantity Percentage
Midterm Exam 1 % 20
Assignment 4 % 30
Attendance 1 % 5
Final examination 1 % 45
Total 7 % 100

 
ECTS Allocated Based on Student Workload
Activities Quantity Duration Total Work Load
Course Duration 14 3 42
Hours for off-the-classroom study 14 4 56
Assignments 4 14 56
Preparation for Midterm Exam 1 10 10
General Exam Preparation 1 15 15
Total Work Load 179
Number of ECTS Credits 5,96666666666667

 
Course Learning Outcomes: Upon the successful completion of this course, students will be able to:
No Learning Outcomes
1 Students will be able to understand the security errors and flaws that occur during program development.
2 Students will be able to understand the principles of secure programming.
3 Students will gain basic-level experience in secure programming.

 
Weekly Detailed Course Contents
Week  Topics  Study Materials  Materials
1 Introduction to program security, Fundamentals of secure programming
2 Attacks based on shell environment flaws
3 Integer overflow attacks
4 Buffer overflow attacks
5 Input validation attacks, Format string attacks
6 Links and race conditions, Temporary storage and randomness problems
7 Canonicalization and Directory traversal problems
8 Attacks on database systems
9 Midterm Exam
10 Web environment and web applications
11 Web application and session security
12 XSS attacks, Java EE security
13 AJAX security, PHP security
14 Security tests and static code analysis tools
15 Preparation for Final Exam
16 Final exam

 
Contribution of Learning Outcomes to Programme Outcomes
P1 P2 P3 P4 P5 P6 P7 P8 P9 P10 P11 P12
All 5 5 3 4 2 1 1 4 4 1 4

Contribution: 1: Very Slight, 2: Slight, 3: Moderate, 4: Significant, 5: Very Significant

  
  https://bilsis.hacettepe.edu.tr/oibs/bologna/progCourseDetails.aspx?curCourse=2687573&lang=en