IT Graduate Certificate in Information Security and Assurance

 

 

(7) IT 6927 Trustworthy Computing

 

Course Description: This course covers security principles, strategies, and coding techniques to write secure .NET code more resistant to attacks. Topics include: Contemporary security, proactive security development process, security principles, threat modeling, secure coding techniques, security testing, writing security documentation and error messages, security testing, security code review, and secure software installation.

 

Course Prerequisites: IT 6823 Information Security Concepts and Administration

 

Course Outline:

The Proactive Security Development Process

    Define the product security goals

    Security is a product feature

    Threat modeling leads to secure design

    Security team review

    Keep track of bug metrics

    Security process improvement

Secure Coding Principles

    Secure by design, default, and deployment

    Defense in depth

    Least privilege

    Backward compatibility

    Assume external systems are insecure

    Never mix code and data

    Fix security issues correctly

.NET Framework Security

    .NET and ASP.NET threats and countermeasures

    .NET developer platform security

    Code access security fundamentals

    ASP.NET and Web Services security fundamentals

    .NET Framework security administration

    .NET Framework security for developers

Secure Coding Techniques in C#

    Preventing buffer overrun

    Determining appropriate access control

    Running with least privilege

    Cryptographic solutions

    Protecting secret data

    Database input issues

    Web-specific input issues

    Internationalization issues

    Socket security

    Securing RPC, ActiveX controls, and DCOM

    Protecting against DOS attacks

    C# network programming

    Using unmanaged code in C#

Special Topics in Securing .NET Code

    Security testing

    Performing a security code review

    Secure software installation

    Building privacy into applications

    Good secure coding practice

    Writing security documentation and error messages