Description
This module develops an understanding of how security can be embedded in the software development lifecycle.
Aims
The aim of this Module is to introduce students to a range of tools and techniques for detecting and preventing security problems as part of the software development process.
Learning Outcomes
By the end of this module the student should be able to:
1. Analyse and critically evaluate a range of secure software engineering techniques, and critically select and apply these techniques in the context of real-world software projects.
Indicative Content
1 A Secure Development Process
Common vulnerabilities in software. Testing for security vs. testing in general. Sources of security faults within the software lifecycle. Learning from past mistakes: vulnerability databases. General design practices for security. Code review for security and secure coding guidelines. Handling security issue reports.
2 Static and Dynamic Analysis
What tools can and can't find. Static analysis: pattern-matching, reusing compiler technology, control flow analysis. Dynamic analysis: compiler sanitisation, introduction to fuzzing, template-based fuzzing, coverage-directed fuzzing. Static/dynamic analysis and CI.
3 Language and API Design for Security
Inherent security problems with widely-used languages, and why people still use them. Language-specific tools. Platform differences. Undefined behaviour and compiler optimisations. Improving security through better API design. Managing software dependencies.