This course introduces you to the principles of secure programming. It begins by discussing the philosophy and principles of secure programming, and then presenting robust programming and the relationship between it and secure programming. We'll go through a detailed example of writing robust code and we'll see many common programming problems and show their connection to writing robust, secure programs in general. We’ll examine eight design principles that govern secure coding and how to apply them to your own work. We’ll discuss how poor design choices drive implementation in coding. We’ll differentiate between informal, formal, and ad hoc coding methods. Throughout, methods for improving the security and robustness of your programs will be emphasized and you will have an opportunity to practice these concepts through various lab activities. A knowledge of the C programming language is helpful, but not required to participate in the lab exercises.
提供:
Secure Coding Practices専門講座カリフォルニア大学デービス校(University of California, Davis)このコースについて
1-2 years of experience with some form of computer programming language like C/C++ or Java.
1-2 years of experience with some form of computer programming language like C/C++ or Java.
提供:
カリフォルニア大学デービス校(University of California, Davis)
UC Davis, one of the nation’s top-ranked research universities, is a global leader in agriculture, veterinary medicine, sustainability, environmental and biological sciences, and technology. With four colleges and six professional schools, UC Davis and its students and alumni are known for their academic excellence, meaningful public service and profound international impact.
シラバス - 本コースの学習内容
Secure Programming Philosophy
In this module, you'll be able to describe key concepts in secure programming including typical problems and procedures. You'll be able to differentiate between robust programming and secure programming and you'll generalize from philosophies of "what to watch out for" and "where to look" to specific situations.
Secure Programming Design Principles
In this module, you will be able to recall eight software design principles that govern secure programming. You will write a short program, in any language you like, to determine whether the system enforces the Principle of Complete Mediation. You'll be able to apply design principles from Saltzer, Schroeder and Kaashoek to code situations.
Robust Programming
In this module, you will be able to explain the issues that can arise from fragile programming. You'll be able to discuss how design issues drive implementation and be able to distinguish between robust and fragile code. You'll be able to explain what can go wrong in fragile code and be able to write a robust version of fragile code.
Methods for Robustness
In this module, you will be able to describe how to use techniques that mimic formal methods to improve the robustness and security of programs. You will also be able to compare and contrast formal, informal, and ad hoc programming methods. You'll be able to write a program to demonstrate how a poorly-written program or library can cause incorrect results.
レビュー
PRINCIPLES OF SECURE CODING からの人気レビュー
Good introduction, at times the explanations are a bit dry and lengthy. A couple more real world stories would spice things up and make principles more memorable.
The course provides good insights in secure coding and robust programming. However, I think there should more than 10 questions for each module for assesment.
Matt Bishop is an excellent Secure Coding Trainer. I enjoyed the sessions all the way and it was totally engaging with practical examples.
The course was an exceptional one. And helped me to lot to understand what Robust and Secure coding really means. Thank you so much tutor.
Secure Coding Practices専門講座について
This Specialization is intended for software developers of any level who are not yet fluent with secure coding and programming techniques.Through four courses, you will cover the principles of secure coding, concepts of threat modeling and cryptography and exploit vulnerabilities in both C/C++ and Java languages, which will prepare you to think like a hacker and protect your organizations information. The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing.
よくある質問
いつ講座や課題にアクセスできるようになりますか?
この専門講座をサブスクライブすると何を行うことができるようになりますか?
学資援助はありますか?
さらに質問がある場合は、受講者ヘルプセンターにアクセスしてください。
