Class Secure Programming Techniques

  • Presentation

    This CU teaches secure programming and how to detect vulnerabilities in software code.
  • Code

    ULHT6802-1-25060
  • Syllabus

    PC1. Vulnerability identification and classification. Common Weakness Enumeration (CWE) classification
    PC2. Secure programming techniques and common vulnerabilities. Input and output validation, buffer overflows, client-state manipulation, SQL injection, cross-domain security
    PC3. Risk management frameworks and processes
    PC4. Code review using static analysis tools
    PC5. Architectural risk analysis
    PC6. Penetration testing
    PC7. Security testing
    PC8. SDLC
    PC9. Cloud security
  • Objectives

    The key objectives of this module are as follows:
    LG1. Learn the principles of secure programming: writing programs in a safe fashion, so as to avoid vulnerabilities that can be exploited by attackers.
    LG2. Learn the practices of secure programming, including the use of security features provided by libraries, such as authentication and encryption.
    LG3. Apply these principles to several programming languages and platforms.
  • Teaching methodologies

    ME1: Expository: Theoretical presentation according to the curriculum plan. Assessment through a final exam (50%).
    ME2: Practical: Practical work guided by the teacher. Assessment through a student-developed project (50%).
    Important assessment notes: A minimum grade of 10/20 is required in both the exam and the project. Both assessment components are mandatory, regardless of when they are completed.
  • References

    Bishop, M. (2004). Introduction to Computer Security. Addison-Wesley Professional.
    Anderson, R. (2020). Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons.
    McGraw, G. (2006). Software Security: Building Security In. Addison-Wesley Professional.
    Correia, M. P., & Sousa, P. J. (2010). Segurança no software. FCA.
    Long, F., et al. (2011). The Oracle/CERT Secure Coding Standard for Java. Addison-Wesley Professional. Available online at http://www.cert.org/secure-coding/ .
    Daswani, N., Kern, C., & Kesavan, A. (2007). Foundations of Security. APRESS Springer Nature.
  • Assessment

    Assessment test: 50%

    Project: 50%

     
