SEC835 Security in Databases and Web applications

Presentation

Objectives

Fundamentals of systems and software security

Information security threats and attacks Security services Secure software Databases security Web application security

Course Structure

Weeks 1 – 7 Fundamentals Threats and attacks Focused on Security Services, e.g. user

authentication, authorization, logging, testing

Course Structure

Weeks 8 – 17 Software security

Software vulnerabilities and controls Secure programming

Databases security Web application security

Course Implementation Strategy

Information security topic is large Key points selected Best industry practice is the base Theoretical materials Research projects in the lab Practice in identifying security

vulnerabilities and countermeasures

Students Evaluation

Lab completeness – 11% Assignments – 24% Mid-term test – 25% Final exam – 40%

Challenges

A lot of new terms and definitions Conceptual vision and analytical approach

required Writing in English required Presentations and discussions

Job searching tips

Include the appropriate message into your resume: Knowledge and tools that help in

Writing secure software, including web and database applications

GUI-based testing software for security

Focus on making practical reference tools you have developed yourself

Words of cautions

No intent of making you a security professionals

Intent is that working as a programmer, or tester, you understand related security issues and you have some knowledge of how to avoid them