AIMS AND OBJECTIVES OF THE COURSE: The course introduces the vulnerability of code in different programming technologies to local or external attacks, as well as software tools and practices for protection. The aim of the discipline is to provide knowledge about information protection and to give students the skills to identify possible risks in particular systems and to apply proper means of protection.
DESCRIPTION OF THE COURSE: The course includes: threat modeling, the principle of least privilege, defense in depth, authentication, luring attack, running as non-privileged user, writing code that can be used by a non-admin, auditing, security context, security context in the .NET Framework, token, privileges, granting and revoking privileges, daemon, run a program as another user, impersonation, impersonate a user, impersonation in ASP.NET, COM authentication level, COM impersonation, initialize security for COM, configuration security for a COM client, store secrets on a computer, programmatically log off or reboot the computer, overrun attacks, safe exception handling, security enhancements in the .NET Framework, points to cryptography in .NET, ASP security, server-side security controls, defining roles, configuration file encryption, cryptographic elements, protecting secret data, using PKCS #5 to make the attacker’s job harder, protecting secrets in Windows 2000 and later, difference between LSA secrets and DPAPI, encrypting secret data in memory, different ways of storing secret data – raising the security bar.