Engineering Secure Software Systems detailed syllabus for Cyber Security (Cyber Security) for 2021 regulation curriculum has been taken from the Anna University official website and presented for the Cyber Security students. For course code, course name, number of credits for a course and other scheme related information, do visit full semester subjects post given below.
For Cyber Security 5th Sem scheme and its subjects, do visit Cyber Security 5th Sem 2021 regulation scheme. The detailed syllabus of engineering secure software systems is as follows.
Course Objectives:
Download the iStudy App for all syllabus and other updates.
Unit I
NEED OF SOFTWARE SECURITY AND LOW-LEVEL ATTACKS
Software Assurance and Software Security – Threats to software security – Sources of software insecurity – Benefits of Detecting Software Security – Properties of Secure Software – MemoryBased Attacks: Low-Level Attacks Against Heap and Stack – Defense Against Memory-Based Attacks
Unit II
SECURE SOFTWARE DESIGN
Requirements Engineering for secure software – SQUARE process Model – Requirements elicitation and prioritization- Isolating The Effects of Untrusted Executable Content – Stack Inspection – Policy Specification Languages – Vulnerability Trends – Buffer Overflow – Code Injection – Session Hijacking. Secure Design – Threat Modeling and Security Design Principles
Unit III
Download the iStudy App for all syllabus and other updates.
Unit IV
SECURITY TESTING
Traditional Software Testing – Comparison – Secure Software Development Life Cycle – Risk Based Security Testing – Prioritizing Security Testing With Threat Modeling – Penetration Testing – Planning and Scoping – Enumeration – Remote Exploitation – Web Application Exploitation -Exploits and Client Side Attacks – Post Exploitation – Bypassing Firewalls and Avoiding Detection – Tools for Penetration Testing
Unit V
SECURE PROJECT MANAGEMENT
Governance and security – Adopting an enterprise software security framework – Security and project management – Maturity of Practice
Practical Exercises
- Implement the SQL injection attack.
- Implement the Buffer Overflow attack.
- Implement Cross Site Scripting and Prevent XSS.
- Perform Penetration testing on a web application to gather information about the system, then initiate XSS and SQL injection attacks using tools like Kali Linux.
- Develop and test the secure test cases
- Penetration test using kali Linux
Course Outcomes:
Download the iStudy App for all syllabus and other updates.
Text Books:
- Julia H. Allen, “Software Security Engineering”, Pearson Education, 2008
- Evan Wheeler, “Security Risk Management: Building an Information Security Risk Management Program from the Ground Up”, First edition, Syngress Publishing, 2011
- Chris Wysopal, Lucas Nelson, Dino Dai Zovi, and Elfriede Dustin, “The Art of Software Security Testing: Identifying Software Security Flaws (Symantec Press)”, Addison-Wesley Professional, 2006
Reference Books:
- Robert C. Seacord, “Secure Coding in C and C++ (SEI Series in Software Engineering)”, Addison-Wesley Professional, 2005.
- Jon Erickson, “Hacking: The Art of Exploitation”, 2nd Edition, No Starch Press, 2008.
- Mike Shema, “Hacking Web Apps: Detecting and Preventing Web Application Security Problems”, First edition, Syngress Publishing, 2012
- Bryan Sullivan and Vincent Liu, “Web Application Security, A Beginner’s Guide”, Kindle Edition, McGraw Hill, 2012
- Lee Allen, “Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide (Open Source: Community Experience Distilled)”, Kindle Edition, Packt Publishing,2012
- Jason Grembi, “Developing Secure Software”
For detailed syllabus of all other subjects of Cyber Security, 2021 regulation curriculum do visit Cyber Security 5th Sem subject syllabuses for 2021 regulation.
For all Cyber Security results, visit Anna University Cyber Security all semester results direct link.