Syllabus
Please respect intellectual property rights. Do not use illegally photocopied textbooks, so as to avoid breaking the law.
Course Title (Chinese): 安全軟體開發與檢測 (Secure Software Development and Testing)
Course Title (English):
Department: Graduate Institute of Computer Science and Engineering
Course No.: I6100
Instructor: 包蒼龍
Credit: 3.0
Core required/optional: Optional
Level: Graduate
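Course Pre-requisites: None
Course Overview and Goals: The goal of this course is an in-depth understanding of secure software development and testing, including planning, design, implementation, testing, and maintenance. Students will learn how to carry out the secure software development life cycle (SSDLC): requirements, design, development, testing, and deployment and operations, along with the following topics: threat modeling, authentication and authorization issues, input sanitization, source code inspection, vulnerability remediation, and patch distribution. To confirm a system's security before it goes live, the course covers how to inspect source code and how to patch programs according to the inspection results. It guides students to use the OWASP Top 10 list to detect potential weaknesses in programs, such as SQL Injection and XSS, so as to ensure the security of the software system.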
Textbook: Instructor-prepared materials
Reference:
1. 打造安全無虞的Web Applications:從策略制定、程式開發,到防止惡意攻擊之必備對策白皮書, 德丸浩, 博碩文化
2. 無瑕的程式碼-整潔的軟體設計與架構篇 (Clean Architecture: A Craftsman's Guide to Software Structure and Design), Robert C. Martin (author), 戴于晉 (translator), 博碩文化
3. Web resources
Syllabus
Columns: Week; Unit topic; Content summary; Learning Objectives; Learning Activities; Evaluation; Notes

Week 1: Introduction to Secure Software Development
Content summary:
  1. What is SSDLC
  2. Software vulnerability analysis
Learning objectives:
  1. Learn what SSDLC is
  2. Learn why software vulnerabilities exist
Learning activities:
  • Discussion
  • Lecture
Evaluation:
  • Presentation

Week 2: Introduction to Secure Software Development
Content summary:
  1. Common mistakes and rules for secure software
Learning objectives:
  1. Learn common programming mistakes
  2. Learn how to write secure code
Learning activities:
  • Discussion
  • Lecture
Evaluation:
  • Assignment

Week 3: Security and privacy requirements, risk assessment, and lowering the attack surface
Content summary:
  1. Requirements of security and privacy
  2. Risk assessment
  3. Attack surface and methods to lower the risk
Learning objectives:
  1. Learn what the security and privacy requirements of a piece of software are
  2. Learn what risk assessment is and how to avoid the risk
  3. Learn what the attack surface is and how to lower the risk of being attacked
Learning activities:
  • Lecture
  • Hands-on practice

Week 4: Source code review for potential software vulnerabilities
Content summary:
  1. String and buffer overflow
  2. Shell code
Learning objectives:
  1. Learn what buffer overflow is and how to handle string operations correctly
  2. Learn how to avoid the shell code vulnerability
Learning activities:
  • Computer lab practice
  • Lecture

Week 5: Secure software development life cycle (SSDLC)
Content summary:
  1. Requirement and specification
  2. Design
Learning objectives:
  1. Learn how to set up the software requirements
  2. Learn the methodology of software design
Learning activities:
  • Discussion
  • Lecture
  • Hands-on practice
Evaluation:
  • Assignment

Week 6: Secure software development life cycle (SSDLC)
Content summary:
  1. Development
Learning objectives:
  1. Learn the development phase of software system design
Learning activities:
  • Lecture
Evaluation:
  • Presentation

Week 7: Secure software development life cycle (SSDLC)
Content summary:
  1. Testing
  2. Deployment and maintenance
Learning objectives:
  1. Learn the testing phase of the SSDLC
  2. Learn how to set up the testing and production environments
Learning activities:
  • Discussion
  • Lecture
  • Hands-on practice
Evaluation:
  • Presentation

Week 8: Principles of secure software development
Content summary:
  1. Security of formatted output
  2. Validation check of input data
Learning objectives:
  1. Learn about output data security
  2. Learn how to validate input data
Learning activities:
  • Discussion
  • Lecture
  • Hands-on practice

Week 9: Midterm examination
Content summary:
  Midterm examination
Learning objectives:
  Outcome assessment
Evaluation:
  • Midterm

Week 10: Software vulnerability analysis
Content summary:
  1. Privilege elevation problem
  2. Error handling process
  3. Dynamic memory management
Learning objectives:
  1. Learn the problem of privilege elevation
  2. Learn the correct way to handle errors
  3. How to avoid memory overflow
Learning activities:
  • Lecture
  • Hands-on practice

Week 11: OWASP injection flaws and cross-site scripting attacks
Content summary:
  1. Web programming design examples
  2. Injection attack vulnerability and testing
  3. Cross-site scripting and testing
Learning objectives:
  1. Learn how to design programs for the web
  2. Learn the injection flaw problem
  3. Learn what cross-site scripting is and how to reduce the risk
Learning activities:
  • Lecture
  • Hands-on practice
Evaluation:
  • Presentation

Overview of Teaching Points:
Teaching Materials: ■ Handout by Instructor ■ Textbook (provided by the textbook author)
Evaluation: Final Exam: 30%   Midterm: 30%   Presentation: 15%   :5%   Test: 10%   Assignment: 10%
Teaching Resources: □ Soft Copy of the Handout or the Textbook □ Course Website
Rules on eligibility to take the final exam of the course: http://eboard.ttu.edu.tw/ttuwebpost/showcontent-news.php?id=504