Subject code CB3591 deals with the Engineering Secure Software Systems subject. In this article, we provide the CB3591 Engineering Secure Software Systems syllabus, based on the Affiliated Institutions of Anna University 2021 Regulation syllabus.
Students today look for brief descriptions of whatever they want to know. Social media platforms and search engines carry information throughout the world, and people find it simply by searching for a concept. In education especially, material is available for every subject in every field, and there is a lot of demand for accurate education information. aplustopper.com is among the sites that try to give their best content to students. In this article, the CB3591 – Engineering Secure Software Systems syllabus is given briefly, without leaving out a single concept of the subject, from the Anna University B.E Computer Science and Engineering (Cyber security) syllabus.
To know more about the B.E Computer Science and Engineering (Cyber security) syllabus of the affiliated institutions' four-year undergraduate degree program, we provide a detailed year-wise, semester-wise, and subject-wise syllabus at the following link: B.E Computer Science and Engineering (Cyber security) Syllabus Anna University, Regulation 2021.
Aim Of Concept:
- Know the importance and need for software security.
- Know about various attacks.
- Learn about secure software design.
- Understand risk management in secure software development.
- Know the working of tools related to software security.
CB3591 – Engineering Secure Software Systems Syllabus
Unit I: Need Of Software Security And Low-Level Attacks
Software Assurance and Software Security – Threats to software security – Sources of software insecurity – Benefits of Detecting Software Security – Properties of Secure Software – Memory-Based Attacks: Low-Level Attacks Against Heap and Stack – Defense Against Memory-Based Attacks
Unit II: Secure Software Design
Requirements Engineering for secure software – SQUARE process Model – Requirements elicitation and prioritization – Isolating The Effects of Untrusted Executable Content – Stack Inspection – Policy Specification Languages – Vulnerability Trends – Buffer Overflow – Code Injection – Session Hijacking. Secure Design – Threat Modeling and Security Design Principles
Unit III: Security Risk Management
Risk Management Life Cycle – Risk Profiling – Risk Exposure Factors – Risk Evaluation and Mitigation – Risk Assessment Techniques – Threat and Vulnerability Management
Unit IV: Security Testing
Traditional Software Testing – Comparison – Secure Software Development Life Cycle – Risk Based Security Testing – Prioritizing Security Testing With Threat Modeling – Penetration Testing – Planning and Scoping – Enumeration – Remote Exploitation – Web Application Exploitation – Exploits and Client Side Attacks – Post Exploitation – Bypassing Firewalls and Avoiding Detection – Tools for Penetration Testing
Unit V: Secure Project Management
Governance and security – Adopting an enterprise software security framework – Security and project management – Maturity of Practice
Practical Exercises:
- Implement the SQL injection attack.
- Implement the Buffer Overflow attack.
- Implement Cross Site Scripting and Prevent XSS.
- Perform Penetration testing on a web application to gather information about the system, then initiate XSS and SQL injection attacks using tools like Kali Linux.
- Develop and test the secure test cases.
- Penetration test using Kali Linux.
Text Books:
- Julia H. Allen, “Software Security Engineering”, Pearson Education, 2008
- Evan Wheeler, “Security Risk Management: Building an Information Security Risk Management Program from the Ground Up”, First edition, Syngress Publishing, 2011
- Chris Wysopal, Lucas Nelson, Dino Dai Zovi, and Elfriede Dustin, “The Art of Software Security Testing: Identifying Software Security Flaws (Symantec Press)”, Addison-Wesley Professional, 2006
References:
- Robert C. Seacord, “Secure Coding in C and C++ (SEI Series in Software Engineering)”, Addison-Wesley Professional, 2005.
- Jon Erickson, “Hacking: The Art of Exploitation”, 2nd Edition, No Starch Press, 2008.
- Mike Shema, “Hacking Web Apps: Detecting and Preventing Web Application Security Problems”, First edition, Syngress Publishing, 2012
- Bryan Sullivan and Vincent Liu, “Web Application Security, A Beginner’s Guide”, Kindle Edition, McGraw Hill, 2012
- Lee Allen, “Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide (Open Source: Community Experience Distilled)”, Kindle Edition, Packt Publishing, 2012
- Jason Grembi, “Developing Secure Software”