Module details for Secure Software Development

Description

This module develops an understanding of how security can be embedded in the software development lifecycle.

Aims

The aim of this Module is to introduce students to a range of tools and techniques for detecting and preventing security problems as part of the software development process.

Learning Outcomes

By the end of this module the student should be able to:

1.  Analyse and critically evaluate a range of secure software engineering techniques, and critically select and apply these techniques in the context of real-world software projects.

Indicative Content

1 A Secure Development Process

Common vulnerabilities in software. Testing for security vs. testing in general. Sources of security faults within the software lifecycle. Learning from past mistakes: vulnerability databases. General design practices for security. Code review for security and secure coding guidelines. Handling security issue reports.

2 Static and Dynamic Analysis

What tools can and can't find. Static analysis: pattern-matching, reusing compiler technology, control flow analysis. Dynamic analysis: compiler sanitisation, introduction to fuzzing, template-based fuzzing, coverage-directed fuzzing. Static/dynamic analysis and CI.

3 Language and API Design for Security

Inherent security problems with widely-used languages, and why people still use them. Language-specific tools. Platform differences. Undefined behaviour and compiler optimisations. Improving security through better API design. Managing software dependencies.

