A Core Cybersecurity Course Development: Secure Programming in an Immersive Learning Environment

Purdue University Northwest
Graduate level.


The course materials described below are accessible via the Cyber Curriculum Library online portal.

Topics and Subtopics include

“Software Security Fundamentals with Programming Demonstrations” with emphasis on security goals (confidentiality, integrity, availability, accountability, non-repudiation), cryptography basics (symmetric/asymmetric key encryption techniques and standards), access control (models, matrix, ACL), security programming techniques including SSL/HTTPS programming, encryption programming, authentication, and access control.

“Software Security Design Principles, Threats, and Countermeasures” with emphasis on software security design principles (least privilege, resource encapsulation, abstraction, modularity, simplicity, defense in depth, secure by default and fail safe), software vulnerabilities and threats (buffer overflow, SQL/code injection, XSS security), design-in security, software requirement security specifications (error handling, quality assurance, validation and fraud checking).

“Secure Programming Fundamentals” with emphasis on input validation, normalization, and sanitization, proper data declaration and initialization, safe use of expressions (return values, pointers, equality comparisons), secure and privacy-sensitive exception handling, numeric types and operations (integer overflow, bitwise and arithmetic operations, zero division and modularization, floating-point data operations).

“Secure Object Oriented Software Programming” with emphasis on OOAD software design principles (inheritance, encapsulation, abstraction, polymorphism), control of class clone, extensibility, and mutability, control of overridden methods, security check methods, and object comparison methods, and argument passing.

“Secure Network, File IO & Concurrent Programming” with emphasis on multi-thread programming, race conditions, mutual exclusion and synchronization through lock and semaphore, deadlock avoidance, control shared file access and file resource release, control multi-thread network programming, security issues of serialization/deserialization of data objects crossing networks.

And “Software Programming Platform Security” with emphasis on secure code and operation check through security manager, access controller, secure class loading, code signing, package sealing, bytecode verification, and data security protection through SSL/HTTPS programming.

NCWF Categories included:  

[NOT INCLUDED IN SOLICITATION]

NCWF Specialty Areas included

Software Development (DEV)

NCWF KSAs included

K0001: Knowledge of computer networking concepts, protocols, and network security methods. 

K0004: Knowledge of cybersecurity principles. 

K0005: Knowledge of cyber threats and vulnerabilities. 

K0007: Knowledge of authentication, authorization, and access control methods  

K0016: Knowledge of computer programming principles such as object-oriented design  

K0039: Knowledge of cybersecurity principles and methods that apply to software development

K0085: Knowledge of system and application security threats and vulnerabilities  

K0140: Knowledge of secure coding techniques  

K0152: Knowledge of software related information technology (IT) security principles and methods  

S0001: Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems  

S0014: Skill in software debugging. 

S0019: Skill in creating programs that validate and process multiple inputs  

S0022: Skill in designing countermeasures to identified security risks  

S0060: Skill in writing code in a currently supported programming language (Java)  

S0138: Skill in using PKI encryption and digital signatures (SSL)  

S0149: Skill in developing applications that can handle errors, exceptions, and application faults and logging  

A0007: Ability to tailor code analysis for application-specific concerns  

A0047: Ability to develop secure software according to secure software deployment methodologies/practices 

Summary

[NOT INCLUDED IN SOLICITATION], split between six topics (see Topics and Subtopics). [NOT INCLUDED IN SOLICITATION]. [NOT INCLUDED IN SOLICITATION]. Lab exercises, lectures, assessments, term project, and GUI-based games included. Curriculum focuses on programming in Java, as well as C and SQL. Curriculum also offers GUI-based games for integrative learning.