The detailed syllabus of Engineering Secure Software Systems for Artificial Intelligence & Machine Learning (AI&ML) under the 2021 regulation curriculum has been taken from Anna University's official website and is presented here for AI&ML students. For the course code, course name, number of credits and other scheme-related information, visit the full semester subjects post given below.
For the Artificial Intelligence & Machine Learning 6th Sem scheme and its subjects, visit the AI&ML 6th Sem 2021 regulation scheme. For the Professional Elective-IV scheme and its subjects, refer to the AI&ML Professional Elective-IV syllabus scheme. The detailed syllabus of Engineering Secure Software Systems is as follows.
Course Objectives:
Download the iStudy App for all syllabus and other updates.

Unit I
NEED OF SOFTWARE SECURITY AND LOW-LEVEL ATTACKS
Software Assurance and Software Security – Threats to software security – Sources of software insecurity – Benefits of Detecting Software Security – Properties of Secure Software – Memory-Based Attacks: Low-Level Attacks Against Heap and Stack – Defense Against Memory-Based Attacks
Unit II
SECURE SOFTWARE DESIGN
Requirements Engineering for secure software – SQUARE process Model – Requirements elicitation and prioritization – Isolating The Effects of Untrusted Executable Content – Stack Inspection – Policy Specification Languages – Vulnerability Trends – Buffer Overflow – Code Injection – Session Hijacking. Secure Design – Threat Modeling and Security Design Principles
Unit III

Unit IV
SECURITY TESTING
Traditional Software Testing – Comparison – Secure Software Development Life Cycle – Risk Based Security Testing – Prioritizing Security Testing With Threat Modeling – Penetration Testing – Planning and Scoping – Enumeration – Remote Exploitation – Web Application Exploitation – Exploits and Client Side Attacks – Post Exploitation – Bypassing Firewalls and Avoiding Detection – Tools for Penetration Testing
Unit V
SECURE PROJECT MANAGEMENT
Governance and security – Adopting an enterprise software security framework – Security and project management – Maturity of Practice
Practical Exercises
- Implement the SQL injection attack.
- Implement the Buffer Overflow attack.
- Implement Cross Site Scripting and Prevent XSS.
- Perform Penetration testing on a web application to gather information about the system, then initiate XSS and SQL injection attacks using tools like Kali Linux.
- Develop and test the secure test cases.
- Penetration test using Kali Linux.
Course Outcomes:

Text Books:
- Julia H. Allen, “Software Security Engineering”, Pearson Education, 2008
- Evan Wheeler, “Security Risk Management: Building an Information Security Risk Management Program from the Ground Up”, First edition, Syngress Publishing, 2011
- Chris Wysopal, Lucas Nelson, Dino Dai Zovi, and Elfriede Dustin, “The Art of Software Security Testing: Identifying Software Security Flaws (Symantec Press)”, Addison-Wesley Professional, 2006
Reference Books:
- Robert C. Seacord, “Secure Coding in C and C++ (SEI Series in Software Engineering)”, Addison-Wesley Professional, 2005.
- Jon Erickson, “Hacking: The Art of Exploitation”, 2nd Edition, No Starch Press, 2008.
- Mike Shema, “Hacking Web Apps: Detecting and Preventing Web Application Security Problems”, First edition, Syngress Publishing, 2012
- Bryan Sullivan and Vincent Liu, “Web Application Security, A Beginner’s Guide”, Kindle Edition, McGraw Hill, 2012
- Lee Allen, “Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide (Open Source: Community Experience Distilled)”, Kindle Edition, Packt Publishing, 2012
- Jason Grembi, “Developing Secure Software”