Course Number:
CSCI 4628
Approved Starting Semester:
Fall 2025
Course Title:
Defensive Programming
Course Description (Bulletin Description):
This course provides in-depth coverage of defensive programming techniques. Topics include: input validation and data sanitization, choice of programming language and type-safe languages, examples of common vulnerabilities and coding errors, and secure coding practices.
Prerequisite:
CSCI 4200 and (CSCI 2010 or CSCI 2000)
Co-requisite:
None
Pre/Co-requisite:
None
Dual-Listed:
CSCI 5628
Course Objectives (Course-level Student Learning Outcomes):
At the completion of the course, the student will be able to:
1. Explain why input validation and data sanitization are necessary in the face of adversarial control of the input channel.
2. Explain why you might choose to develop a program in a type-safe language like Java, in contrast to an unsafe programming language like C/C++.
3. Classify common input validation errors, and write correct input validation code.
4. Demonstrate using a high-level programming language how to prevent a race condition from occurring and how to handle an exception.
5. Demonstrate the identification and graceful handling of error conditions.
6. Explain the risks of misusing interfaces with third-party code and how to correctly use third-party code.
7. Discuss the need to update software to fix security vulnerabilities and the lifecycle management of the fix.
8. List examples of direct and indirect information flows.
9. Explain the role of random numbers in security, beyond just cryptography (e.g. password generation, randomized algorithms to avoid algorithmic denial of service attacks).
10. Explain the different types of mechanisms for detecting and mitigating data sanitization errors.
11. Demonstrate how programs are tested for input handling errors.
12. Use static and dynamic tools to identify programming faults.
13. Describe how memory architecture is used to protect against runtime attacks.
Topics Covered (In Outline/Calendar):
* input validation
* data sanitization
* choice of programming language
* type-safe languages
* examples of common vulnerabilities and coding errors
* secure coding practices
Student Learning Outcomes:
- Analyze a complex computing problem and to apply principles of computing and other relevant disciplines to identify solutions. (SLO1)
- Design, implement, and evaluate a computing-based solution to meet a given set of computing requirements in the context of the program’s discipline. (SLO2)
Course Coordinator:
None
Instructor-in-charge:
None
Previous Professors:
None
Technologies / Skills:
Defensive programming techniques
Textbook(s):
Spring 2024
Title: SECURE CODING IN C AND C++
Edition: 2ND
Author: SEACORD
Publisher: ADDISON-WESLEY
ISBN: 9780321822130