Purdue NW: A Core Cybersecurity Course Development: Secure Programming in an Immersive Learning Environment
Purdue University Northwest
“A Core Cybersecurity Course Development: Secure Programming in an Immersive Learning Environment.”
The course materials described below are accessible via the Cyber Curriculum Library - online portal. CLICK HERE to LOGIN.
Topics and Subtopics include:
“Software Security Fundamentals with Programming Demonstrations” with emphasis on security goals (confidentiality, integrity, availability, accountability, non- repudiation), cryptography basics (symmetric/asymmetric key encryption techniques and standards), access control (models, matrix, ACL), security programming techniques including SSL/HTTPS programming, encryption programming, authentication, and access control.
“Software Security Design Principles, Threats, and Countermeasures” with emphasis on software security design principles (least privilege, resource encapsulation, abstract, modularity, simplicity, defense in depth, secure by default and fail safe), software vulnerabilities and threats (buffer overflow, SQL/code injection, XSS security), design-in security, software requirement security specifications (error handling, quality assurance, validation and fraud checking).
“Secure Programming Fundamentals” with emphasis on input validation, normalization, and sanitization, proper data declaration and initialization, safe use of expressions (return values, pointers, equality comparisons), secure and privacy sensitive exception handling, numeric type & operations (integer overflow, bitwise and arithmetic operations, zero division and modularization, floating points data operations).
“Secure Object Oriented Software Programming” with emphasis on OOAD software design principles (inheritance, encapsulation, abstract, polymorphism), control of class clone, extensibility, and mutability, control of overridden methods, security check methods, and object comparison methods, and argument passing.
“Secure Network, File IO & Concurrent Programming” with emphasis on multi-thread programming, race conditions, mutual exclusion and synchronization through lock and semaphore, deadlock avoidance, control shared file access and file resource release, control multi-thread network programming, security issues of serialization/deserialization of data objects crossing networks.
And “Software Programming Platform Security” with emphasis on secure code and operation check through security manager, access controller, secure class loading, code signing, package sealing, bytecode verification, and data security protection through SSL/HTTPS programming.
NCWF Categories included:
NCWF Specialty Areas included:
Software Development (DEV)
NCWF KSAs included:
K0001: Knowledge of computer networking concepts, protocols, and network security methods.
K0004: Knowledge of cybersecurity principles.
K0005: Knowledge of cyber threats and vulnerabilities.
K0007: Knowledge of authentication, authorization, and access control methods
K0016: Knowledge of computer programming principles such as object-oriented design
K0039: Knowledge of cybersecurity principles and methods that apply to software development
K0085: Knowledge of system and application security threats and vulnerabilities
K0140: Knowledge of secure coding techniques
K0152: Knowledge of software related information technology (IT) security principles and methods
S0001: Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems
S0014: Skill in software debugging.
S0019: Skill in creating programs that validate and process multiple inputs
S0022: Skill in designing countermeasures to identified security risks
S0060: Skill in writing code in a currently supported programming language (Java)
S0138: Skill in using PKI encryption and digital signatures (SSL)
S0149: Skill in developing applications that can handle errors, exceptions, and application faults and logging
A0007: Ability to tailor code analysis for application-specific concerns
A0047: Ability to develop secure software according to secure software deployment methodologies/practices
Lab exercises, lectures, assessments, term project, and GUI based games included. Curriculum focuses on programming in Java, as well as C and SQL. Curriculum also offers GUI based games for integrative learning.