《安全编程》课程介绍
安全编程是计算机科学与技术(网络与信息安全)专业的专业必修课,本课程的目的是使学生掌握安全程序设计的基本过程,基本的安全编码技术,针对应用程序攻击的各种防范技术等。
通过本课程的学习,使学生掌握安全程序设计的基本理论和基本知识,培养学生分析问题和解决问题的能力,并使其具备安全系统的分析能力和初步设计能力。
本课程主要内容包括:编写安全程序的基本过程和基本法则、威胁建模技术、缓冲区溢出、SOCKET编程、SOCKET安全、程序的可移植性与并发安全、确定适当的访问控制、以最小特权运行、拒绝服务攻击的防范、ShellCode开发和Exploit等。
本课程第三学年第2学期开设,计划学时32,先修课为:汇编语言程序设计,操作系统,计算机安全,网络安全。。
Introduction to the course "Secure Programming"
"Secure Programming" is one of the Obligatory courses for the major of computer science and technology (network and information security), it brings to students the core concepts, knowledge and theories of secure programming, improve the students’ abilities to analyzing and solving the problems. By this course, the students need to understand the basic process of secure programming, the basic skills of writing secure codes and the technologies of preventing attacks to the applications.
This course contains: the basic process and rules to writing secure programs, the technologies of threat modeling, buffer overflow, socket programming, socket security, concurrence security, how to give the application the appropriate accesses control lists, how to give the application the minimum priorities, how to prevent the DoS attacks, developing the Shellcodes and Exploits.
This course starts at 2nd semester of 3rd academic year, 32 academic hours in all. Its prerequisite courses are: Assembly Language programming, Principles of Computer Organization, Operating System, Computer Security and Network Security.
