SEC 509: Secure Coding & Software Security
Welcome to the repository for SEC 509: Secure Coding & Software Security. This course explores the fundamental principles of building resilient software, identifying vulnerabilities, and integrating security into the modern software development lifecycle (DevSecOps).
Course Syllabus
| Week | Topic |
|---|---|
| Week 1 | Fundamental concepts in secure software design |
| Week 2 | Secure software development life cycle |
| Week 3 | Secure programming design principles |
| Week 4 | Identifying design flaws of honeypots and other security tools |
| Week 5 | OWASP Top 10: Web application security risks |
| Week 6 | OWASP Top 10: Web application security risks |
| Week 7 | PHP & PHP Vulnerabilities |
| Week 8 | PHP & PHP Vulnerabilities |
| Week 9 | Injections and Mitigation |
| Week 10 | OWASP Top 10: API |
| Week 11 | OWASP Top 10: API |
| Week 12 | C & C++ Vulnerabilities |
| Week 13 | C & C++ Vulnerabilities |
| Week 14 | DevSecOps and static analysis tools |
Course Chapters
Detailed study materials and summaries covering the core theoretical foundations of software security.
| Chapter | Title | Key Topics |
|---|---|---|
| Chapter 1 | Software Security Foundations | Software ubiquity, McCumber Cube (CIA Triad), Non-Functional Requirements (NFRs), and root causes of vulnerabilities. |
| Chapter 2 | Security Posture & DevSecOps | Cyber hygiene, integration of security in SDLC, PAM/Password policies, and human behavior in security. |
| ↳ 2.1 | Personal & Corporate Hygiene | Habits for maintaining security in professional digital environments. |
| ↳ 2.2 | Introduction to DevSecOps | Shifting security left, automation, and shared responsibility in DevOps. |
| ↳ 2.3 | Password Complexity Policy | Practical guide to PAM and enforcing strict authentication rules. |
| ↳ 2.4 | Cybersecurity Culture | Psychological aspects of security and building a security-first mindset. |
Homeworks & Laboratory Works
Hands-on assignments focusing on practical security analysis, threat modeling, and defensive implementations.
Lab 1: Threat Modeling
- Focus: System analysis and threat identification.
- Project: Performed a comprehensive threat model for the OrcunCorp Document Sharing Tool using the STRIDE methodology and Microsoft Threat Modeling Tool.
Lab 2: Cybersecurity Awareness
- Focus: Cyber hygiene and professional security certifications.
- Achievement: Earned several certifications from the EU-funded CYRUS Project, covering DevSecOps, password policies, and human behavior in cybersecurity.
Lab 3: Elasticsearch Honeypots
- Focus: Honeypot deployment and custom development.
- Implementation: Deployed multiple Elasticsearch honeypots and developed HoneyPHP, a custom PHP-based honeypot to capture and analyze malicious traffic.
Lab 4: Web Application Vulnerability Analysis
- Focus: Vulnerability identification and exploitation.
- Assessment: Performed a security assessment identifying vulnerabilities like IDOR, information disclosure, and broken authentication in a target application.
Documents
Detailed lecture notes and summaries for specific chapters. Note that only selected topics are documented here in accordance with course rules and academic integrity.
View Documents
- Chapter 1: Security Foundations & Principles.
- Chapter 2: Personal & Corporate Cyber Hygiene, DevSecOps, PAM/Password Policies, and Security Culture.
Final Exam Cheatsheets
A comprehensive set of handwritten study notes prepared for the SEC 509 final exam.
View Cheatsheets
The folder contains 14 pages of summarized notes covering:
- OWASP Top 10 & API Security: Common risks and mitigation strategies.
- Honeypots: Design, deployment, detection, and monitoring.
- Language Vulnerabilities: Common security issues in PHP and memory-safety problems in C (buffer overflows, integer overflows).
- Resilient Applications: Defense-in-depth, secure defaults, and hardening guidance.
This repository is part of the Sabancı University Information Technology Master's Degree program.