Scribd
Upload
42 views3 pages

ESSS

syllabus

Uploaded by

kavitha.cse
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
42 views3 pages

ESSS

syllabus

Uploaded by

kavitha.cse
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

23CB403 ENGINEERING SECURE SOFTWARE SYSTEMS LT PC

2 0 2 3
OBJECTIVES:

 Know the importance and need for software security.

 Know about various attacks.

 Learn about secure software design.

 Understand risk management in secure software development.

 Know the working of tools related to software security.

UNIT-I NEED OF SOFTWARE SECURITY


6
Software assurance and Software security – Threats to software security –
Sources of software insecurity – Benefits of detecting software security –
Properties of secure software – Influencing the security properties of
software.

UNIT-II SECURE SOFTWARE DESIGN AND ARCHITECTURE


7

Requirements engineering for secure software – SQUARE process model –


Requirements elicitation and prioritization – Security architecture - Software
security practices for Architecture and Design: Architectural Risk Analysis –
Software security knowledge for Architecture and Design: Security Principles,
Security Guidelines, and Attack Patterns.

UNIT-III SECURITY RISK MANAGEMENT


5

Risk management life cycle – Risk profiling – Risk exposure factors – Risk
evaluation and mitigation – Risk assessment techniques – Threat and
vulnerability management – Security risk reviews.

UNIT-IV SECURE CODING AND TESTING


8

Code analysis – Coding practices – Software security testing – Security


testing considerations throughout the SDLC – Security failures – Examples of
functional and attacker perspectives for security analysis – System
complexity drivers and security – Deep technical problem complexity –
Security controls and services.

UNIT-V SECURE PROJECT MANAGEMENT


4
Governance and security – Adopting an enterprise software security
framework – Security and project management – Maturity of practice.

TOTAL: 30 PERIODS

PRACTICALS:

1. Implement the SQL injection attack.


2. Implement the buffer overflow attack.
3. Implement cross site scripting and prevent XSS.
4. Perform penetration testing on a web application to gather information
about the system, then initiate XSS and SQL injection attacks using
tools like Kali Linux.
5. Develop and test the secure test cases.
6. Penetration test using Kali Linux.

TOTAL: 30 PERIODS

COURSE OUTCOMES:

At the end of the course the students will be able to


 CO1: Identify the need for software security.
 CO2: Apply security principles in software development.
 CO3: Evaluate the extent of risks in software systems.
 CO4: Gain knowledge on the concepts of secure coding and security
testing.
 CO5: Explore the various aspects of security analysis and services.
 CO6: Examine the procedure of adopting secure project management.

TEXT BOOKS:
1. Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw, Nancy R.
Mead, “Software Security Engineering”, Addison-Wesley, 1st Edition,
United States, 2008 (Unit – 1, 2, 4 & 5).

2. Evan Wheeler, “Security Risk Management: Building an Information


Security Risk Management Program from the Ground Up", Syngress,
Illustrated Edition, United States, 2011 (Unit – 3).

REFERENCES:

1. Chris Wysopal, Lucas Nelson, Dino Dai Zovi, Elfriede Dustin, “The Art of
Software Security Testing: Identifying Software Security Flaws”, Addison-
Wesley Professional, 1st Edition, India, 2006.
2. Jason Grembi, “Developing Secure Software”, Cengage Learning, 1 st
Edition, India, 2009.

3. Lee Allen, “Advanced Penetration Testing for Highly-Secured


Environments: The Ultimate Security Guide (Open Source: Community
Experience Distilled)”, Packt Publishing, Kindle Edition, India, 2012.

4. Bryan Sullivan, Vincent Liu, “Web Application Security, A Beginner’s


Guide”, Osborne / McGraw Hill, 1st Edition, United States, 2012.

POs PSOs

COs 1 2 3 4 5 6 7 8 9 10 11 12 1 2 3

1 2 3 2 3 2 - - - 2 1 2 2 2 2 2
2 2 2 2 3 3 - - - 2 1 2 2 1 2 2
3 1 2 2 2 1 - - - 1 1 2 1 2 2 2
4 2 3 2 2 2 - - - 2 1 2 2 2 2 2
5 2 3 2 2 2 - - - 2 1 2 2 2 2 2
6 2 1 2 2 3 - - - 2 1 1 2 2 1 2
Overall
2 2 2 2 2 0 0 0 2 1 2 2 2 2 2
correlation

You might also like