PG Diploma in Advanced Secure Software Development
Advancements in digital technologies are rapidly transforming the world, and to sustain a career in the IT industry it is very important to upgrade technical skills in line with the latest developments while keeping strong programming basics. The PG Advanced Secure Software Development (PG-DASSD) course focuses on security requirements for modern software development, with equal emphasis on programming foundations, so that students are suitable to work in the IT industry from day one. Today, cyber security threats are mostly addressed reactively, but by following proper software security practices we can minimize the attack surface and address the problem proactively. Software security knowledge is therefore a requirement for every software engineer. Software security aspects are built into every module of the course.
All the course modules are practical-oriented, with a focus on foundational as well as advanced concepts. The foundational concepts of cyber security include Secure C programming, Data Structures, Operating system internals & Linux programming. The advanced concepts include Network programming, Cryptography and Network security essentials, Secure Java & Android Programming. Students also learn Python & Machine Learning and its applications in the domain of cyber security. Software Security aspects are built into every module of the course, and the Secure Software Development Life Cycle is covered in detail. Along with the course modules, students deliver a seminar and execute a project in Cyber Security using Emerging Technologies during the course.
The educational eligibility criteria for the PG-DASSD course are:
- Graduate in Engineering (10+2+4 or 10+3+3 years) in IT / Computer Science / Electronics / Telecommunications / Electrical / Instrumentation, OR
- MSc/MS (10+2+3+2 years) in Computer Science, IT, Electronics, OR
- The candidate must have minimum 55% marks in the qualifying degree
The PG-DASSD course will be delivered in fully PHYSICAL mode. The total course fee and payment details are given below:
The total course fee is INR. 90,000/- plus Goods and Service Tax (GST) as applicable by Government of India (GOI).
The course fee for PG-DASSD has to be paid in two installments as per the schedule.
- First installment is INR. 10,000/- plus Goods and Service Tax (GST) as applicable by GOI.
- Second installment is INR. 80,000/- plus Goods and Service Tax (GST) as applicable by GOI.
The course fee includes expenses towards delivering classes, conducting examinations, final mark-list and certificate, and placement assistance provided.
The first installment of the course fee, Rs 10,000/- plus GST as applicable at the time of payment, is to be paid online as per the schedule. It can be paid using credit/debit cards through the payment gateway. The first installment is to be paid after a seat is allocated during the counseling rounds.
The second installment of the course fees is to be paid before the course commencement through NEFT.
NOTE: Candidates may take note that no Demand Draft (DD) or cheque or cash will be accepted at any C-DAC training centre towards payment of any installment of course fees.
Basics - Introduction to GNU Tool chain, Linux environment and VI editor, Tokens of C - Keywords, Data-Types, Variables, Constants, Operators, Identifiers, Storage Class Specifiers, Control Flow Statements, GNU Make utility, Arrays, Multidimensional arrays, Data Input & Output, Strings, Loops - for, while etc., Functions and Recursion
Advanced - Pointers - Intro, Pointer Arithmetic, Pointers and Arrays, Pointers and Functions, Pointers and Strings, Structures, Unions, Enum, Typedef, Bit field operators and pointers with structures, Preprocessors, C and Assembly, Files, I/O, Variable No. of arguments, Command Line arguments, Error handling and debugging with GNU GDB, Memory layout, Calling Conventions - cdecl, std, fastcall, Format string problems, Stack Overflow, Buffer Overflow, Integer Overflows, Introduction to various C standards, Secure Coding in C - SEI CERT C coding standard
Introduction to Data Structures, Complexity of Algorithms - Space and time complexity, Linked Lists, Stacks, Queues, Sorting algorithms - Bubble, selection, insertion, quick, merge and heap sort, Searching algorithms - linear and binary search, Hashing - collision, collision resolution techniques, Trees - Binary trees, Binary search trees, AVL trees, Graphs - terminology, breadth first and depth first traversals, spanning trees, minimum spanning tree algorithms, shortest path algorithms, Pattern matching algorithms - Naive, Rabin-Karp, KMP & Boyer-Moore substring search algorithms
OS Organization, Architecture, Structure and Operations, Process Management - Processes, Threads, Concurrency, Process Synchronization, CPU Scheduling, Static and Shared Libraries, Memory Management - Main Memory and Virtual Memory, Filesystem Management - File System interface, IPC mechanisms - Pipes, Named Pipes, FIFOs, Message Queues, Mutexes, Condition Variables, Read Write locks, Semaphores, Shared Memory, Access Control Mechanisms - Discretionary Access Control & Mandatory Access Control, Timers
Computer Security Concepts, Networking Devices (Routers/Switches/Bridges), Security Attacks: Active & Passive, Introduction to Bug, Vulnerability, Threat, Attack, Exploit. Popular attacks launched by exploiting the vulnerabilities, Security Services - Authentication, Access Control, Data Confidentiality, Data Integrity, Non-Repudiation & Availability, Security Mechanisms, Classical Encryption - Cryptography, Cryptanalysis & Brute Force Attacks, Substitution & Transposition Techniques, Cryptographically strong random numbers/APIs, Introduction to Steganography, Denial of Service (DoS) Attacks & Distributed Denial of Service Attacks (DDoS), Stream Ciphers & Block Ciphers, Public Key Cryptography & RSA, Diffie-Hellman Key Exchange & Man-in-the-Middle Attack, Message Authentication Code (MAC), Hash Functions & Hashed Message Authentication Code (HMAC), Digital Signatures, Digital Certificates, X.509 & Public-key Infrastructure (PKI), Firewalls: Characteristics, Types, Bastion Host & Firewall Locations & Configurations, Intrusion Detection and Intrusion Prevention Systems, Signature Based/Flow Based/Anomaly Detection Based, Trustworthy Log Generation, Security Protocols - Pretty Good Privacy & S/MIME, VPN – IPSec, Secure Sockets Layer (SSL) & Transport Layer Security (TLS) & DNS Security (DNSSEC)
Binary Analysis - Assembly Syntax, Different phases of the C compilation process, Disassembling a Binary, ELF & PE Formats, Static Disassembly – Linear & Recursive, Dynamic disassembly with GDB, Call Graph, Control Flow Graph & Basic Blocks
Binary Exploitation & Defence Mechanisms - Stack, Stack Frame, Base Pointer, Stack Pointer, Heap, 32-bit & 64-bit calling conventions, Classical problems in C programming - Stack-based & heap-based buffer overflow, Format String problems & Integer overflows, Defence Mechanisms - Stack Canaries, Data Execution Prevention & Address Space Layout Randomization, Introduction to Return Oriented Programming
Malware Analysis - Introduction to malware – Virus, Worm, Trojan, Rootkit, Spyware, Ransomware, Keylogger, Botnet, Backdoor, Setting up a lab for malware analysis, Introduction to Vulnerability Assessment & Penetration Testing, Dynamic & Static malware analysis, Network, File & Memory Analysis, Packed malicious binaries, Antivirus technologies - signature-based, heuristic-based and whitelisting
Importance of Software Security, threat modelling, Secure Software Development Life Cycle, STRIDE & DREAD
Introduction to TCP/IP Networking Stack, Socket Introduction, Elements of TCP sockets, TCP Client-Server, I/O Multiplexing (select/poll), Elements of UDP sockets, Non-blocking I/O & IOCTL operations, Multicast Programming, Overview of IPv6 and its features, Develop sniffer program & Security analysis of network traffic, SSL/TLS protocol - Introduction to SSL Protocol, Integrating SSL with client-server application, Replay attacks and mitigations, Choosing the secure cipher suites for SSL
Introduction - Object Oriented Programming and concepts, Java language and its features, JDK, JRE and JVM, Basic Programming Constructs - Charset, identifiers, data types, variables, constants, literals, operators, decision making statements (if, switch), iterative statements (while, do, for and for-each), jump statements (break, continue and return) and keywords, Classes and Objects, Data and methods members - Types of variables and their scope, Creating objects, Constructors, Overloading, Parameter passing in Java, this and static keywords, JVM and Garbage Collection - Java Virtual Machine and subsystems, Class loading and Execution Engine systems, Java runtime memory system
Inheritance and Polymorphism - Visibility modifiers, extends and super keywords, Abstract classes, Run-time polymorphism, Interfaces, Inner classes, Anonymous inner classes, Packages and Wrapper Classes - Importing packaging, Defining custom packages, Wrapper classes, Modifiers in Java, Exception Handling - Introduction to exceptions – checked and unchecked, Java’s exception handling mechanism, Writing custom exceptions in Java, Arrays and Strings - Arrays, Strings, String constant pool, String comparison and methods, StringBuffer and StringBuilder classes, Command line arguments
IO Streams - Text Streams – Reader and Writer, Byte Streams – InputStream and OutputStream, File IO – FileReader and FileWriter, Processing Buffers, Ways of reading data from Keyboard, Multi-Threading - Concept of Thread and thread life cycle, Creating a thread, Thread class and its methods, Thread synchronization and inter thread communication
Java Collection Framework - Need of collections in Java, Key interfaces of Collection Framework – Collection, List, Set, Queue, Map, etc., Legacy and non-legacy collection classes, Iterators and Enumerator, Utility classes – Collections and Arrays, Exploring java.util package – Date, Calendar, Scanner etc. Generic Programming in Java, Introduction, Writing a Generic Class, Passing Objects of a Generic Class to a Method, Writing Generic Methods, Constraining a Type Parameter in a Generic Class, Use of wildcards – upper and lower bounds, Secure Coding in Java, SEI CERT Java coding standard, Design Patterns in Java
Android Basics - Overview of Android Platform & Android Building Blocks, Overview of Android Application Components (Activity, Intents, Broadcast Receiver, Content Providers, Service), Android Permission Model and Application Sandboxing
Android application development - Android GUI Development and Event Handling, Programming on Android Application components
Security assessment of Android applications - Reverse Engineering & Obfuscation techniques, Static and Dynamic analysis with open source tools, A case study for security analysis of Android application
Basics of Python, Syntax and Standards of Python, Variables and Operators, Data types, Keywords, Control statements, Conditional Statements, Functions, Classes, Modules, Error Handling, Typecasting in Python, Arithmetic Operations, Strings in Python, Files and command line arguments, User Defined Functions, Python Libraries, Python Collections, Mathematics for Machine Learning - Linear Algebra (Including Matrix Operations), Probability & Statistics, Advanced Python libraries for Machine Learning (Numpy, Pandas, Matplotlib, Scikit-learn), Introduction to Supervised, Unsupervised and Semi-supervised Learning, Data pre-processing & Feature engineering, Feature Scaling, Hyperparameter tuning, Regularization, Regression - Linear Regression, Multiple Linear Regression, Support Vector Machine (SVM), KNN, Classification - Logistic regression, KNN, SVM, Decision Trees, Naive Bayes, Clustering Algorithms (k-means), Evaluation of Regression & Classification Models, Overview of Deep Learning.
Percentage, Profit & Loss, Ratio & Proportion, Average, Mixture & Alligation, Simple Interest & Compound Interest, Number Systems, Series, Cyclicity & Remainders, Data Interpretation, Syllogism, Coding & Decoding, Blood Relations, Seating Arrangements (Linear & Circular), Ages, Puzzles, Time, Speed & Distance, Trains, Boats & Streams, Time & Work, Wages (Man days), Pipes & Cisterns, Clocks, Permutations & Combinations, Probability, Calendar
Fundamentals of Communication, The Art of Communication, Personality Development, English Grammar, Correct Usage of English, Common Mistakes in English Communication, Listening Skills, Reading Skills, Writing Skills, Public Speaking, Presentation Skills, Group Discussions, Interpersonal Skills, Personal Interviews
Students should follow Secure Software Development Principles covering the following aspects:
- Security aspects to be covered in all phases
- Documentation of System Requirements Specification, Design, Test Plan & Test Cases
- Git and bug tracking
- Packaging Documentation - Installation, Help Manuals etc.
- Agile Software Development
Special sessions need to be arranged for students, covering the above topics, before the project work is initiated.
Project work will be based on a cyber security problem and will also use emerging technologies.
The course is designed to provide comprehensive knowledge, from system programming to application development, taking into account the latest technologies such as blockchain, machine learning etc., while in parallel providing a lateral understanding of security concepts.
It is targeted at candidates who are interested in learning the latest technologies along with an in-depth understanding of programming and security concepts. The course will enable them to work on current technology scenarios as well as prepare them to keep pace with the changing face of technology and the requirements of the growing IT industry. The course curriculum has been designed keeping in view the emerging trends in cyber security as well as the contemporary and futuristic human resource requirements of the ICT industry.
After completing this course, students can work as Application/Web/Mobile/cyber security solution developers, system programmers, etc. They will be able to use secure software engineering principles.