Malicious programs and secure programming

Created: July 3, 2003
Last Updated: July 3, 2003

"The security of a computer system is as good as the quality of the program code the developers wrote." -- Bun Yue

Secure programming is concerned with programming styles and techniques for ensuring more secure applications.

Proposed Submodules

Submodules may be cross listed with other modules.

• Submodule #1: introduction to secure programming: general principles, examples of insecure code; common problems of insecure programs; types of secure programs, tools for secure programming
• Submodule #2: Common consideration in secure programming: buffer overflow, user input validation, etc. (Prereq: Submodule #1, a high level language and data structures.)
• Submodule #3: Operating Systems consideration using *nix as an example. An introduction to Unix security features and discussion on *nix security programming (Prereq: Submodule #1 and *nix)
• Submodule #4: Language consideration using Java as an example: An introduction to Java's security model and security related class and discussion on Java's secure programming (Prereq: Submodule #1 and Java)
• Submodule #5: Application consideration using Web as an example: Secure programming consideration in CGI-Perl and/or JSP (Prereq: Submodule #1, Java, Perl and Internet Application Development).
• Submodule #6: Introduction to malicious programs: an introduction to malicious programs including virus, worms, backdoors, trojan horses, etc. Both technical and social aspects of malicious programs will be discussed.
• Submodule #7: Malicious programs: case studies: a collection of technical case study of malicious programs such as love letter. (Prereq: Submodule #1, #6 and high level language)

Resources

• Useful External Links.