Secure Coding

Modulnummer
II2011
Modulverantwortliche
Klaus Wüst
Dozenten
Christian Wenzel-Benner
Kurzbeschreibung

This module is an introduction into the security pitfalls of common programming languages. It aims to demonstrate how to spot and avoid security relevant programming flaws.

Qualifikations- und Lernziele

The students know common causes for security relevant programming flaws and know how to avoid them. The importance of ISO standards has been recognized based on a commonly used programming language, as have the subtle and drastic issues that arise when the programmer leaves the realm of the behaviour defined in the standard.

The graduates cooperate in a team based manner during the course and define and research a secure coding related question, presenting their work their peers in the course.

Lerninhalte
  • Introduction: Damages caused by software flaws, hacked computers, vehicles, industrial plants and the difference between errors and malicious manipulation
  • Philosophy of efficient compiled languages
  • Typical issues with compiled laguages
  • Succesfull attacks from the past
  • How to guard against typical issues using coding standards
  • Tools supporting secure coding
Moduldauer (Semester)
1
Unterrichtssprache
Deutsch
Gesamtaufwand
3 CrP; 180 Stunden, davon etwa 60 Stunden Präsenzzeit.
Semesterwochenstunden
2
Lernformen

Seminar SWS

Geprüfte Leistung

Examination: Written Exam

Bewertungsstandard

according to examination regulations (§ 9)

Häufigkeit des Angebots
Yearly
Literatur
  • Steve Maguire: Writing Solid Code
  • Robert C. Seacord: Secure Coding in C and C++
  • ISO/IEC 9899:1999: Programming languages – C
  • Robert C. Seacord: The CERT C Coding Standard
  • Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland,
  • David Svoboda: The CERT Oracle Secure Coding Standard for Java
Vorausgesetzte Module