Secure Coding

Module Code
II2011
Module Coordinators
Klaus Wüst
Teachers
Christian Wenzel-Benner
Short Description

This module is an introduction into the security pitfalls of common programming languages. It aims to demonstrate how to spot and avoid security relevant programming flaws.

Learning Objectives

The students know common causes for security relevant programming flaws and know how to avoid them. The importance of ISO standards has been recognized based on a commonly used programming language, as have the subtle and drastic issues that arise when the programmer leaves the realm of the behaviour defined in the standard.

The graduates cooperate in a team based manner during the course and define and research a secure coding related question, presenting their work their peers in the course.

Contents
  • Introduction: Damages caused by software flaws, hacked computers, vehicles, industrial plants and the difference between errors and malicious manipulation
  • Philosophy of efficient compiled languages
  • Typical issues with compiled laguages
  • Succesfull attacks from the past
  • How to guard against typical issues using coding standards
  • Tools supporting secure coding
Duration in Semester
1
Instruction Language
German
Total Effort
3 CrP; an estimated 180 hours, of which approximately 60 are spent in class.
Weekly School Hours
2
Method of Instruction

Seminar SWS

Requirements for the awarding of Credit Points

Examination: Written Exam

Evaluation Standard

according to examination regulations (§ 9)

Availability
Yearly
References
  • Steve Maguire: Writing Solid Code
  • Robert C. Seacord: Secure Coding in C and C++
  • ISO/IEC 9899:1999: Programming languages – C
  • Robert C. Seacord: The CERT C Coding Standard
  • Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland,
  • David Svoboda: The CERT Oracle Secure Coding Standard for Java
Prerequisite Modules