CYBR271 (2021) - Secure Programming
This course addresses the concepts, techniques and tools required for developing software that reliably preserves the security properties of the information and systems it protects. The course covers common software vulnerabilities, specifying security requirements, secure design principles and techniques for evaluating software security. Practical work will involve developing and evaluating the security of C and Java programs.
Course learning objectives
Students who pass this course will be able to:
- Describe the role of, and develop security requirements and abuse scenarios based upon, an understanding of the differences between the methodologies used by attackers and testers to discover security vulnerabilities that could lead to security risks.
- Apply knowledge of threats, vulnerabilities and how these may interact to choosing and implementing client-side and server-side software security controls to mitigate software security risks.
- Evaluate the security of software using a range of security techniques including vulnerability assessment, fuzzing and code review.
The course is primarily offered in-person, but there will also be a remote option and there will be online alternatives for all the components of the course for students who cannot attend in-person.
Students taking this course remotely must have access to a computer with camera and microphone and a reliable high-speed internet connection that will support real-time video plus audio connections and screen sharing. Students must be able to use Zoom; other communication applications may also be used. A mobile phone connection only is not considered sufficient. The computer must be adequate to support the programming required by the course: almost any modern Windows, Macintosh, or Unix laptop or desktop computer will be sufficient, but an Android or iOS tablet will not.
If the assessment of the course includes tests, the tests will generally be run in-person on the Kelburn campus. There will be a remote option for students who cannot attend in-person and who have a strong justification (for example, being enrolled from overseas).
The remote test option will use Zoom for online supervision of the tests and you must be able to use Zoom with a camera, microphone, and screen-sharing. Students who will need to use the remote test option must contact the course coordinator in the first two weeks to get permission and make arrangements.
Withdrawal from Course
Withdrawal dates and process:
This course will be offered in-person and online. For students in Wellington, there will be a combination of in-person components and web/internet based resources. It will also be possible to take the course entirely online for those who cannot attend on campus, with all the components provided in-person also made available online.
There are two lectures per week that will be recorded and a tutorial that will be livestreamed. Starting from week four, there will be weekly helpdesks, both in person and over Zoom. Our second assignment requires you to demonstrate your code and understanding of the problem; this can be done either in person or using Zoom.
Student feedback on University courses may be found at: www.cad.vuw.ac.nz/feedback/feedback_display.php
Dates (trimester, teaching & break dates)
- Teaching: 05 July 2021 - 08 October 2021
- Break: 16 August 2021 - 29 August 2021
- Study period: 11 October 2021 - 14 October 2021
- Exam period: 15 October 2021 - 06 November 2021
The Friday lecture slot is used as a tutorial.
Set Texts and Recommended Readings
There are no required texts for this course.
Mandatory Course Requirements
In addition to achieving an overall pass mark of at least 50%, students must:
- Achieve at least a D in the take home test.
If you believe that exceptional circumstances may prevent you from meeting the mandatory course requirements, contact the Course Coordinator for advice as soon as possible.
This assessment scheme is the 2020 version. It is likely to change somewhat in 2021.
|Assessment Item|Due Date or Test Date|CLO(s)|Percentage|
|---|---|---|---|
|Threat and risk modelling assignment (5 weeks).|Week 6|CLO: 1|40%|
|Practical assignment (5 weeks).|Week 12|CLO: 2,3|40%|
|Take home test.|Assessment week|CLO: 1,2,3|20%|
Late assignment submissions will receive a penalty of 10% for each day late (pro-rata).
Each student will have three "late days" which you may choose to use for any assignment or assignments during the course. There will be no penalty applied for these late days. You do not need to apply for these; instead, any late days you have left will be automatically applied to assignments that you submit late.
Submission & Return
All work is submitted through the ECS submission system, accessible through the course web pages. Marks and comments will be returned through the ECS marking system, also available through the course web pages.
The two practical assignments are marked in person. They are assessed on your understanding of the security issue, code quality and how well you can explain to the marker how you solved the problem. All other assessment is done by tutors or lecturers, marking to a scheme produced by the lecturers.
The total workload for CYBR 271 is 150 hours. In order to maintain satisfactory progress in CYBR 271, you should plan to spend an average of 10 hours per week on this course. An approximate breakdown is: lectures 2 hours, tutorial 1 hour, assignments 5 hours and reading/review of assigned readings and lecture notes 2 hours.
|Lecture|Introduction to managing software risk.|
|Lecture|Guiding principles for software security.|
|Lecture|Buffer and stack overruns.|
|Lecture|Format string problems.|
|Lecture|SQL and command injection.|
|Lecture|All input is evil.|
|Lecture|Failure to handle errors correctly.|
|Lecture|Security code reviews.|
|Lecture|Course wrap up.|
Communication of Additional Information
All online material for this course can be accessed at https://ecs.wgtn.ac.nz/Courses/CYBR271_2021T2/.
Links to General Course Information
- Academic Integrity and Plagiarism: https://www.wgtn.ac.nz/students/study/exams/integrity-plagiarism
- Academic Progress: https://www.wgtn.ac.nz/students/study/progress/academic-progess (including restrictions and non-engagement)
- Dates and deadlines: https://www.wgtn.ac.nz/students/study/dates
- Grades: https://www.wgtn.ac.nz/students/study/progress/grades
- Special passes: Refer to the Assessment Handbook, at https://www.wgtn.ac.nz/documents/policy/staff-policy/assessment-handbook.pdf
- Statutes and policies, e.g. Student Conduct Statute: https://www.wgtn.ac.nz/about/governance/strategy
- Student support: https://www.wgtn.ac.nz/students/support
- Students with disabilities: https://www.wgtn.ac.nz/st_services/disability/
- Student Charter: https://www.wgtn.ac.nz/learning-teaching/learning-partnerships/student-charter
- Terms and Conditions: https://www.wgtn.ac.nz/study/apply-enrol/terms-conditions/student-contract
- Turnitin: http://www.cad.vuw.ac.nz/wiki/index.php/Turnitin
- University structure: https://www.wgtn.ac.nz/about/governance/structure
- VUWSA: http://www.vuwsa.org.nz
Offering CRN: 30040
Prerequisites: CYBR 171, NWEN 241
Duration: 05 July 2021 - 07 November 2021
Starts: Trimester 2