IT Graduate Certificate in Information Security
and Assurance
(7) IT 6927 Trustworthy
Computing
Course Description: This course covers security principles, strategies, and coding techniques to write secure .NET code more resistant to attacks. Topics include: Contemporary security, proactive security development process, security principles, threat modeling, secure coding techniques, security testing, writing security documentation and error messages, security testing, security code review, and secure software installation.
Course Prerequisites: IT 6823 Information Security Concepts and Administration
Course Outline:
The Proactive Security Development
Process
·
Define the
product security goals
·
Security is a
product feature
·
Threat modeling
leads to secure design
·
Security team
review
·
Keep track of bug
metrics
·
Security process
improvement
Secure Coding Principles
·
Secure by design,
default, and deployment
·
Defense in depth
·
Least privilege
·
Backward
compatibility
·
Assume external
systems are insecure
·
Never mix code
and data
·
Fix security
issues correctly
.NET Framework Security
·
.NET and ASP.NET
threats and countermeasures
·
.NET developer
platform security
·
Code access
security fundamentals
·
ASP.NET and Web
Services security fundamentals
·
.NET Framework
security administration
·
.NET Framework
security for developers
Secure Coding Techniques in C#
·
Preventing buffer
overrun
·
Determining
appropriate access control
·
Running with
least privilege
·
Cryptographic
solutions
·
Protecting secret
data
·
Database input
issues
·
Web-specific input
issues
·
Internationalization
issues
·
Socket security
·
Securing RPC,
ActiveX controls, and DCOM
·
Protecting
against DOS attacks
·
C# network
programming
·
Using unmanaged
code in C#
Special Topics in Securing .NET Code
·
Security testing
·
Performing a
security code review
·
Secure software
installation
·
Building privacy
into applications
·
Good secure
coding practice
·
Writing security
documentation and error messages