PROGRAMMAZIONE SICURA (SECURE PROGRAMMING)

Domenico PARENTE, PROGRAMMAZIONE SICURA

0522500065
DIPARTIMENTO DI INFORMATICA (DEPARTMENT OF COMPUTER SCIENCE)
COMPUTER SCIENCE
2014/2015

YEAR OF DIDACTIC SYSTEM 2010
SECOND SEMESTER

CFU   HOURS   ACTIVITY
7     56      LESSONS
2     16      LAB
Objectives
KNOWLEDGE AND UNDERSTANDING
The student will acquire knowledge, skills and practical experience of software static analysis, in order to be able to understand the degree of security of a piece of software.

APPLYING KNOWLEDGE AND UNDERSTANDING
The goal of the course is also to teach the use of the main software analysis tools, in particular those currently most widely used to deal with the safety and the security of software.

MAKING JUDGEMENTS
The student will be able to evaluate the safety and the security of a piece of software using the tools that have been taught.

COMMUNICATION SKILLS
The course aims to make the student aware of the security and safety issues related to software, and to make him/her able to communicate possible approaches to their solution to both specialized and non-specialized audiences, with competence, confidence and proper terminology.

LEARNING SKILLS
The course will provide the student with the tools necessary for the continuous updating of his/her knowledge even after the conclusion of the course itself (lifelong learning). The student will be able to read any documentation on safety and security and understand its basic meaning, although he/she will only be partially able to grasp the theoretical issues that might be present in such documents.
Prerequisites
Knowledge of the Linux operating system and of C, Java and PHP programming.
Contents
The course introduces the static analysis of software code to make it safe and secure, giving a global view of the main security problems that occur nowadays.
The main points are shown in the C and Java languages, using security incidents that actually occurred, showing how code errors are exploited, how they should be prevented and how static analysis can rapidly locate them.
The course does not need any particular prerequisite and is addressed to everybody who cares about safe programming.
Many examples from real life will be shown, such as vulnerabilities in Firefox, OpenSSH, MySpace, ETrade and Apache httpd, together with techniques for dealing with untrusted input and with the problem of buffer overflow.
Tactics and strategies for avoiding problems specific to web applications, web services and AJAX; safe logging, debugging, error handling and exceptions.
Creation, maintenance and sharing of secrets and confidential information.
Teaching Methods
The course has theoretical lectures, to transfer the knowledge necessary to understand the main topics, and practical lectures, in which the main static analysis tools for software are shown.
The course will also push students to carry out individual and group exercises.
Verification of learning
One practical exam in the laboratory together with an oral colloquium, or a single project to develop.
Texts
Secure Programming with Static Analysis,
Brian Chess, Jacob West, Pearson Addison-Wesley, ISBN 978-0321424778
BETA VERSION. Data source: ESSE3 [Last synchronization: 2016-09-30]