Questões de Segurança em Engenharia de Software (Security Issues in Software Engineering)

2019/20

Mestrado em Segurança Informática
Departamento de Ciência de Computadores
Faculdade de Ciências da Universidade do Porto

Logistics

Lecturer: Eduardo R. B. Marques

Class schedule: Thursday, 14:00 - 17:00

Questions & announcements: Piazza

Course description

> Aims & expected learning outcomes

QSES provides an introduction to secure software development. Students learn how to make use of core principles, techniques, and tools for secure software engineering to prevent/detect/fix some of the most common classes of software security vulnerabilities. These skills are exercised through project assignments.


"Exploits of a Mom" @ xkcd.com

> Syllabus

Security & software engineering

  • Introductory concepts.
  • Principles & pitfalls in secure software design.
  • Security touchpoints in the software development life-cycle.

Building security in - techniques and tools for secure software development & validation, including:

  • Input validation.
  • Secure programming idioms.
  • Security-oriented code reviews using static program analysis.
  • Security-oriented program testing.

Handling of common security vulnerabilities, including:

  • Injection (commands, code, SQL, ...).
  • Buffer overflows.
  • Web application specific vulnerabilities (XSS, CSRF, ...).
  • Information flow & leakage.
  • Concurrency-related vulnerabilities.

> Bibliography

Building Secure Software: How to Avoid Security Problems the Right Way
John Viega and Gary McGraw, Addison-Wesley, 2002

Segurança no Software, 2nd edition
Miguel Pupo Correia and Paulo Jorge Sousa, FCA, 2017

Secure Programming with Static Analysis: Getting Software Security Right with Static Analysis
Brian Chess and Jacob West, Addison-Wesley, 2007

Writing Secure Code, 2nd edition
Michael Howard and David LeBlanc, Microsoft Press, 2004

Software Security, Building Security In
Gary McGraw, Addison-Wesley, 2006

> Grading

  • 60 %: final exam.
  • 40 %: project assignments.