EC-Council University

Course: ECU 510 Secure Programming

Purpose of Class:

This class is designed to give students insight into the current security scenario and the increasing number of hacking attempts on various information systems. The goal of ethical hacking and countermeasures is to help organizations take preemptive measures against malicious attacks by attacking the system themselves while staying within legal limits.

Course Learning Outcomes:

Students who successfully complete this class will be able to:

  1. Understand the importance of secure programming and implement a standard set of secure programming practices, policies and guidelines to develop robust software applications
  2. Compare various application development models and methodologies, and implement a threat modelling approach to balance between usability and security of applications
  3. Analyze cryptography algorithms and encryption techniques, and design implementation strategies for securing information flow in the applications
  4. Understand the fundamental security concepts used by different programming languages and analyze the usability of different programming constructs in developing secure applications
  5. Identify the common vulnerabilities, threats and attack vectors in different programming languages, assess the implications and determine the appropriate countermeasures
  6. Analyse the working of port scanners and hacking tools, and write exploits to assess the application security for common attack vectors based on evidence, information, and research
  7. Understand the security implications of application documentation and error messages, and modify default documentation and error message settings so as not to reveal sensitive information
  8. Compare and contrast different application testing and debugging approaches, develop application testing strategy and explore the ways to avoid classic testing mistakes
  9. Examine updates, activation, piracy, and other real time application deployment issues, and implement controls for secure data communication between various applications
  10. Compare and contrast different tools that help in developing secure codes and assess the role of these tools in reducing development time and cost

Required Reading

  1. Writing Secure Code, Second Edition, by Michael Howard and David LeBlanc, Microsoft Press © 2003, ISBN:9780735617223.
  2. Writing Security Tools and Exploits, by James C. Foster and Vincent Liu, Syngress Publishing © 2006, ISBN:9781597499972.
  3. Buffer Overflow Attacks: Detect, Exploit, Prevent, by James C. Foster et al., Syngress Publishing © 2005, ISBN:9781932266672.
  4. Hack Proofing Your Web Applications, by Jeff Forristal and Julie Traxler (Technical ed.), Syngress Publishing © 2001, ISBN:9781928994312.
  5. Sockets, Shellcode, Porting & Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals, by James C. Foster and Mike Price, Syngress Publishing © 2005, ISBN:9781597490054.
  6. Special OPS: Host and Network Security for Microsoft, UNIX, and Oracle, by Erik Pace Birkholz et al., Syngress Publishing © 2003, ISBN:9781931836692.
  7. Hack Proofing Linux: A Guide to Open Source Security, by James Stanger, Ph.D., Patrick T. Lane and Edgar Danielyan, Technical Editor, Syngress Publishing © 2001, ISBN:9781928994343.
  8. Red Hat Linux Security and Optimization, by Mohammed J. Kabir, John Wiley & Sons © 2002, ISBN:9780764547546.
  9. Pro PHP Security, by Chris Snyder and Michael Southwell, Apress © 2005, ISBN:9781590595084.
  10. Pro JSP, Third Edition, by Simon Brown et al., Apress © 2003, ISBN:9781590592250.
  11. JavaScript: The Complete Reference, by Thomas Powell and Fritz Schneider, McGraw-Hill/Osborne © 2001, ISBN:9780072191271.
  12. Microsoft PowerShell, VBScript and JScript Bible, by William R. Stanek, James O'Neill and Jeffrey Rosen, John Wiley & Sons © 2009, ISBN:9780470386804.
  13. Microsoft .NET Framework Security, by Surbhi Malhotra, Premier Press © 2002, ISBN:9781931841825.
  14. Malicious Bots: An Inside Look into the Cyber-Criminal Underground of the Internet, by Ken Dunham and Jim Melnick, Auerbach Publications © 2009, ISBN:9781420069037.
  15. Microsoft SQL Server 2008 Administrator's Pocket Consultant, by William Stanek, Microsoft Press © 2009, ISBN:9780735625891.
  16. Manage Software Testing, by Peter Farrell-Vinay, Auerbach Publications © 2008, ISBN:9780849393839.
  17. Ajax: The Complete Reference, by Thomas A. Powell, McGraw-Hill/Osborne © 2008, ISBN:9780071492164.
  18. PHP Oracle Web Development: Data Processing, Security, Caching, XML, Web Services, and Ajax, by Yuli Vasiliev, Packt Publishing © 2007, ISBN:9781847193636.
  19. Perl: The Complete Reference, Second Edition, by Martin C. Brown, McGraw-Hill/Osborne © 2001, ISBN:9780072129502.
  20. ASP 3 Fast & Easy Web Development, by Michael D. Thomasson, Premier Press © 2000, ISBN:9780761528548.
  21. Mac for Linux Geeks, by Tony Steidler-Dennison, Apress © 2009, ISBN:9781430216506.
  22. The Oracle Hacker's Handbook: Hacking and Defending Oracle, by David Litchfield, John Wiley & Sons © 2007, ISBN:9780470080221.
  23. Network Programming in .NET: With C# and Visual Basic .NET, by Fiach Reid, Digital Press © 2004, ISBN:9781555583156.
  24. Protecting Games: A Security Handbook for Game Developers and Publishers, by Steven Davis, Cengage Learning © 2008, ISBN:9781584506706.
  25. Security of e-Systems and Computer Networks, by Mohammad S. Obaidat and Noureddine A. Boudriga, Cambridge University Press © 2007, ISBN:9780521837644.
  26. Mobile Phone Programming and its Application to Wireless Networking, by Frank H.P. Fitzek and Frank Reichert, Springer © 2007, ISBN:9781402059681.

Week One:

Topics: Introduction to Secure Coding, Designing Secure Architecture, Cryptography, Buffer Overflows, Secure C and C++ Programming

OUTCOME:

  1. Understand the importance of secure programming and implement a standard set of secure programming practices, policies and guidelines to develop robust software applications
  2. Compare various application development models and methodologies, and implement a threat modelling approach to balance between usability and security of applications
  3. Analyze cryptography algorithms and encryption techniques, and design implementation strategies for securing information flow in the applications
  4. Understand the fundamental security concepts used by different programming languages and analyze the usability of different programming constructs in developing secure applications
  5. Identify the common vulnerabilities, threats and attack vectors in different programming languages, assess the implications and determine the appropriate countermeasures
  6. Compare and contrast different application testing and debugging approaches, develop application testing strategy and explore the ways to avoid classic testing mistakes
  7. Compare and contrast different tools that help in developing secure codes and assess the role of these tools in reducing development time and cost

Week Two:

Topics: Secure Java and JSP Programming, Secure JavaScript and VBScript Programming, Secure Microsoft.NET Programming, Secure PHP Programming, Securing Applications from Bots

OUTCOME:

  1. Understand the importance of secure programming and implement a standard set of secure programming practices, policies and guidelines to develop robust software applications
  2. Compare various application development models and methodologies, and implement a threat modelling approach to balance between usability and security of applications
  3. Analyze cryptography algorithms and encryption techniques, and design implementation strategies for securing information flow in the applications
  4. Understand the fundamental security concepts used by different programming languages and analyze the usability of different programming constructs in developing secure applications
  5. Identify the common vulnerabilities, threats and attack vectors in different programming languages, assess the implications and determine the appropriate countermeasures
  6. Understand the security implications of application documentation and error messages, and modify default documentation and error message settings so as not to reveal sensitive information
  7. Compare and contrast different tools that help in developing secure codes and assess the role of these tools in reducing development time and cost

Week Three:

Topics: Secure SQL Server Programming, SQL Rootkits, Secure Application Testing, VMware Remote Recording and Debugging, Writing Secure Documentation and Error Messages

OUTCOME:

  1. Understand the importance of secure programming and implement a standard set of secure programming practices, policies and guidelines to develop robust software applications
  2. Compare various application development models and methodologies, and implement a threat modelling approach to balance between usability and security of applications
  3. Analyze cryptography algorithms and encryption techniques, and design implementation strategies for securing information flow in the applications
  4. Understand the fundamental security concepts used by different programming languages and analyze the usability of different programming constructs in developing secure applications
  5. Identify the common vulnerabilities, threats and attack vectors in different programming languages, assess the implications and determine the appropriate countermeasures
  6. Understand the security implications of application documentation and error messages, and modify default documentation and error message settings so as not to reveal sensitive information
  7. Compare and contrast different application testing and debugging approaches, develop application testing strategy and explore the ways to avoid classic testing mistakes
  8. Compare and contrast different tools that help in developing secure codes and assess the role of these tools in reducing development time and cost

Week Four:

Topics: Secure ASP Programming, Secure Perl Programming, Secure XML, Web Services and AJAX Programming, Secure RPC, ActiveX and DCOM Programming, Secure Linux Programming

OUTCOME:

  1. Understand the importance of secure programming and implement a standard set of secure programming practices, policies and guidelines to develop robust software applications
  2. Analyze cryptography algorithms and encryption techniques, and design implementation strategies for securing information flow in the applications
  3. Understand the fundamental security concepts used by different programming languages and analyze the usability of different programming constructs in developing secure applications
  4. Identify the common vulnerabilities, threats and attack vectors in different programming languages, assess the implications and determine the appropriate countermeasures
  5. Compare and contrast different tools that help in developing secure codes and assess the role of these tools in reducing development time and cost

Week Five:

Topics: Secure Linux Kernel Programming, Secure Xcode Programming, Secure Oracle PLSQL Programming, Secure Network Programming, Windows Socket Programming

OUTCOME:

  1. Understand the importance of secure programming and implement a standard set of secure programming practices, policies and guidelines to develop robust software applications
  2. Analyze cryptography algorithms and encryption techniques, and design implementation strategies for securing information flow in the applications
  3. Understand the fundamental security concepts used by different programming languages and analyze the usability of different programming constructs in developing secure applications
  4. Identify the common vulnerabilities, threats and attack vectors in different programming languages, assess the implications and determine the appropriate countermeasures
  5. Analyse the working of port scanners and hacking tools, and write exploits to assess the application security for common attack vectors based on evidence, information, and research
  6. Compare and contrast different application testing and debugging approaches, develop application testing strategy and explore the ways to avoid classic testing mistakes
  7. Compare and contrast different tools that help in developing secure codes and assess the role of these tools in reducing development time and cost

Week Six:

Topics: Writing Shellcodes, Writing Exploits, Programming Port Scanners and Hacking Tools, Secure Mobile Phone and PDA Programming, Secure Game Designing, Securing E-Commerce Applications, Software Activation, Piracy Blocking, and Automatic Updates

OUTCOME:

  1. Understand the importance of secure programming and implement a standard set of secure programming practices, policies and guidelines to develop robust software applications
  2. Analyze cryptography algorithms and encryption techniques, and design implementation strategies for securing information flow in the applications
  3. Understand the fundamental security concepts used by different programming languages and analyze the usability of different programming constructs in developing secure applications
  4. Identify the common vulnerabilities, threats and attack vectors in different programming languages, assess the implications and determine the appropriate countermeasures
  5. Analyse the working of port scanners and hacking tools, and write exploits to assess the application security for common attack vectors based on evidence, information, and research
  6. Examine updates, activation, piracy, and other real time application deployment issues, and implement controls for secure data communication between various applications
  7. Compare and contrast different tools that help in developing secure codes and assess the role of these tools in reducing development time and cost

Weeks Seven and Eight: Summative Experiences

Introduction to Weeks: Weeks seven and eight are designed to provide cumulative experience while faculty and students are given the opportunity to finalize uncompleted work. For this course, students will engage in one summative assessment, and a final project.

© 2011 EC-Council University