04-801-R3   Special Topics in ICT: Secure Coding Practice

Location: Africa

Units: 6

Semester Offered: Spring

Course discipline

MSIT

Course type

Mini

Course concentration

Software Engineering/Software Development/Cybersecurity

Course description

Software systems are ubiquitous in the modern environment, and it is important that the systems are safe, reliable, and secure. The course recognizes that many security problems are indeed software bugs and will seek to develop the practical skills to minimize such bugs.

To this end, the course will cover fundamentals, principles, and the practice of secure coding. The course covers both theory and practice but puts more weight on practice. Carefully selected practical examples, practical exercises, mini-projects, and case studies will be used to reinforce the learning and to present students with an opportunity to acquire secure coding knowledge and high-level practical skills.

Learning objectives

The goal of this course is to enable learners to develop safe, reliable, and secure software systems by incorporating secure coding practices in the software lifecycle.

Outcomes

At the end of the course, the students should be able to:
  • Describe the challenges and threats to building secure software systems.
  • Analyze and select appropriate strategies that can be applied to develop secure software systems.
  • Apply their knowledge of secure coding to create software systems that are safe, reliable, and secure as measured by objective criteria.
  • Apply static and dynamic code analysis tools to discover coding flaws and vulnerabilities.

Content details

  • Common software security vulnerabilities, threats, and attack surfaces
  • Anti-patterns in software security
  • Secure coding principles and practice
  • Secure coding standards and conventions
  • Strategies for secure coding:
    • use of patterns and frameworks in software design and architecture
    • defensive programming
    • input validation
    • data sanitization
    • exception handling
    • security by design
  • Software lifecycle secure coding approach: secure coding practice in
    • design and architecture
    • implementation
    • testing
    • operations

Faculty

George Okeyo