
2nd Yr New Syllabus

The document outlines the curriculum for Software Vulnerability Testing and Web Technology courses at K S R Institute for Engineering and Technology, including course objectives, units of study, and outcomes. It covers various aspects of software vulnerabilities, testing methodologies, web development fundamentals, and client-server communication. Additionally, it includes laboratory components to provide hands-on experience with tools and techniques relevant to the subjects.

Uploaded by

sudha k

K S R Institute for Engineering and Technology Regulation 2023

Category L T P C
23CB1501 SOFTWARE VULNERABILITY TESTING PCC 3 0 0 3
OBJECTIVES:
The Course will enable learners to:
• Understand the use of Software Vulnerability Assessment in developing and testing Software.
• Learn about Vulnerabilities Assessment methods, techniques, and approaches.
• Acquire knowledge about techniques and tools for Software Vulnerabilities testing
• Become proficient with techniques and tools for Software Vulnerability Testing
• Explore vulnerability management and remediation techniques
UNIT - I INTRODUCTION TO VULNERABILITY ASSESSMENT 6
What is Vulnerability Assessment and why do we need it? – Vulnerability Assessment and
Penetration Testing Process (Goals and objectives, scope, Info gathering, vulnerability detection
and info analysis and planning) - Vulnerability Testing Methods (active and passive, network and
distributed testing, verifying file/system access)

UNIT - II SOFTWARE VULNERABILITY FUNDAMENTALS 6


Vulnerabilities, Security Policies, Security Expectations, The Necessity of Auditing, Auditing vs
Black-Box testing, Classifying Vulnerabilities, Types of Vulnerabilities (Design,
Implementation, and Operational Vulnerabilities), Gray Areas, Input and Data Flow, Trust
Relationships, Assumptions and Misplaced Trust, Interfaces, Exceptional Conditions
UNIT - III SOFTWARE VULNERABILITIES 6
Memory Corruption – Buffer Overflows, Process Memory Layout, Stack Overflows, Off-by-One
Errors, Heap Overflows, Shellcode, Finding your code in Memory, How memory blocks are
allocated, shared and overwritten, Language Based Vulnerabilities – Data Storage methods,
Binary Encoding, Byte Order, Type conversions and associated vulnerabilities, Truncations, Operators, Pointers, and References, Types.
UNIT - IV PROGRAM BUILDING BLOCKS 6
Auditing Variable Use, Variable Relationships, Variable Initialization, Arithmetic Boundaries,
Type Confusion, Lists and Tables, Looping Constructs, Auditing Functions, Flow Transfer
Statements, Return Value Testing and Interpretation, Double Frees; Strings and Metacharacters –
C String Handling, Unbound and Bound String Functions, Common Issues
UNIT - V METACHARACTERS 6
Metacharacters, Embedded Delimiters, NULL Character Injection, Common Metacharacter
Formats, Path Metacharacters, Shell Metacharacters, SQL Queries, Metacharacter Filtering,
Eliminating and Escaping Metacharacters, Unicode, Windows Unicode Functions

TOTAL: 30 PERIODS

COURSE OUTCOMES:
Upon completion of the course, the students will be able to:

Course Outcome Description Blooms Taxonomy
CO1 Educate students about types of software vulnerabilities Understand
CO2 Identify various types of software vulnerabilities through multiple testing methods such as penetration testing. Understand
CO3 Students should be able to write detailed and comprehensive reports about any Understand
CO4 Students will acquire the skills to recommend and implement vulnerability mitigation strategies Understand
CO5 Students will be able to assess the security posture of web, mobile, and networked applications Understand

TEXT BOOKS:

1. Mark Dowd, John McDonald and Justin Schuh, 'The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities', O'Reilly Media, November 2006, ISBN 0321444426
2. Wysopal, Chris, et al. The art of software security testing: identifying software security flaws. Pearson Education, 2006.
REFERENCES:

1. David Kennedy, Jim O'Gorman, Devon Kearns, Mati Aharoni, 'Metasploit – The Penetration Tester’s Guide', No Starch Press, July 2011, ISBN 9781593272883
2. Weidman, Georgia. Penetration testing: a hands-on introduction to hacking. No Starch Press, 2014.
3. Mark Dowd, John McDonald, and Justin Schuh, “The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities”, Addison-Wesley Professional, first edition, November 20, 2006.
4. Dafydd Stuttard and Marcus Pinto, “The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws”, Wiley, First Edition, October 22, 2007.
5. Jon Erickson, “Hacking: The Art of Exploitation”, First Edition: Published by No Starch Press on November 1, 2003.

Mapping of COs with POs and PSOs

COs/ POs PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12 PSO1 PSO2
CO1 3 2 2 1 2 2 1 2 - - - - 3 2
CO2 3 3 3 3 3 2 1 2 - - - - 3 3
CO3 3 3 3 3 3 2 1 2 2 1 - - 3 3
CO4 3 2 3 3 3 3 2 2 2 2 1 1 3 3
CO5 3 3 3 3 3 3 2 2 3 3 2 2 3 3
Avg. 3 2.8 2.8 2.6 2.8 2.4 1.4 2 2 2 1 1 3 2.8
1 - low, 2 - medium, 3 - high, ‘-' - no correlation

Category L T P C
23CB1521 SOFTWARE VULNERABILITY TESTING LABORATORY PCC 0 0 3 1.5
OBJECTIVES:
The Course will enable learners to:
• Understand the working of OpenVAS and its role in vulnerability assessment.
• Capture and analyze network packets using Wireshark.
• Understand black-box and white-box testing methodologies.
• Learn buffer overflow vulnerabilities and their impact.
• Explore SQL injection vulnerabilities and attack methods.
List of Experiments:
1. Perform a vulnerability scan using OpenVAS to identify security weaknesses in a given network.
2. Compare passive and active scanning techniques using Wireshark and Nmap to analyze network
traffic.
3. Conduct black-box and white-box testing on a web application and document the differences in
vulnerabilities found.
4. Exploit a simple C program with a buffer overflow vulnerability and analyze memory layout using
GDB.
5. Demonstrate heap overflow by modifying memory allocation in a vulnerable C program and
executing shellcode.
6. Identify misplaced trust relationships in a sample application by intercepting and modifying input
data.
7. Perform an SQL injection attack on a vulnerable web application to bypass authentication
mechanisms.
8. Analyze type confusion vulnerabilities by manipulating variable initialization and data types in a C
or Python program.
9. Test string handling vulnerabilities by exploiting unbounded string functions like gets() and strcpy().
10. Investigate metacharacter injection attacks by exploiting shell metacharacters in a command
execution scenario.

TOTAL: 30 PERIODS
COURSE OUTCOMES:
Upon completion of the course, the students will be able to:
Course Outcome Description Blooms Taxonomy Level
CO1 Identify and analyze security weaknesses in a given network using OpenVAS. Analyze
CO2 Capture and analyze network traffic to detect potential security threats. Analyze
CO3 Perform security assessments on a web application using black-box and white-box testing approaches. Applying
CO4 Demonstrate a buffer overflow attack and explain its security implications. Applying
CO5 Exploit SQL injection vulnerabilities to bypass authentication mechanisms. Analyze

Mapping of COs with POs and PSOs

COs/ POs PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12 PSO1 PSO2
CO1 3 3 2 3 3 2 1 1 2 2 1 2 3 3
CO2 3 3 3 2 3 2 1 1 2 2 1 2 3 3
CO3 3 3 3 3 3 3 2 1 2 3 2 2 3 3
CO4 3 3 3 3 3 2 1 1 2 3 2 2 3 3
CO5 3 3 3 3 3 3 2 1 2 3 3 2 3 3
Avg. 3 3 2.8 2.8 3 2.4 1.4 1 2 2.6 1.8 2 3 3
1 - low, 2 - medium, 3 - high, ‘-' - no correlation

Category L T P C
23ITI532 WEB TECHNOLOGY PCC 3 0 0 3
OBJECTIVES:
The Course will enable learners to:
• Understand the fundamentals of web development and responsive design using HTML5, CSS3, and Bootstrap.
• Develop interactive client-side web applications using JavaScript, DOM manipulation, and JQuery.
• Explore client/server communication using HTTP, REST APIs, and Node.js.
• Build dynamic front-end applications using ReactJS and component-based architecture.
• Understand NoSQL databases, specifically MongoDB, and its interaction with web applications.
UNIT - I WEB ESSENTIALS 9
Evolution of web - Web architecture, Web application - HTML5: Text tags, Graphics, Form
elements, Semantic tags - CSS3: Selectors, Backgrounds and borders, Text effects, Cascading
and inheritance of style properties, Box Model, Positioning - Introduction to responsive
design - Bootstrap: Containers, Grids, Typography, Flex, and Forms
UNIT - II CLIENT-SIDE SCRIPTING 9
JavaScript basics –Arrays- Functions - JavaScript object – HTML DOM - DOM methods –
Events- Form Validation-Regular expressions- JQuery.
UNIT - III CLIENT/SERVER COMMUNICATION & DEVELOPMENT 9
HTTP- Request/Response Model- HTTP Methods- REST APIs -Node.js - NPM – Call backs -
Events- Express framework: Request-Response, Cookies - Sessions - File uploading - Sending
email.
UNIT - IV COMPONENT-BASED FRONT-END JS LIBRARY 9
Introduction to component-based front-end library: ReactJS – Environment setup – React HTML
render – JSX – React Components: functional components, class components - Component Life
Cycle - React State – React Props – React Forms – React Events – React Conditionals – React
Lists – React Router – React CSS – Hooks - Custom hook - Create a sample React app.
UNIT - V NOSQL DATABASE 9
Introduction to NoSQL Databases - MongoDB database: Basics - Manipulating and accessing
MongoDB Documents – Client/Server/Database interaction.

TOTAL: 45 PERIODS

COURSE OUTCOMES:
Upon completion of the course, the students will be able to:

Course Outcome Description Blooms Taxonomy
CO1 Explain the evolution of web technologies and develop responsive web pages using HTML5, CSS3, and Bootstrap. Understand
CO2 Apply JavaScript, DOM, and jQuery to create dynamic client-side applications with form validation. Apply
CO3 Implement client-server communication using HTTP, REST APIs, and Node.js with Express.js. Apply
CO4 Develop front-end applications using ReactJS, JSX, React Components, React Router, and Hooks. Create
CO5 Utilize MongoDB to store, retrieve, and manipulate data in a NoSQL environment. Apply

TEXT BOOKS:
1. Brad Dayley, Brendan Dayley, Caleb Dayley, “Node.js, MongoDB and Angular JS Web Development”, 2017, 2nd Edition, Addison Wesley - O'Reilly, USA.
2. Vasan Subramanian, “Pro MERN Stack: Full stack web app development”, 2019, 2nd Edition, APress, O'Reilly.
REFERENCES:
1. Thomas J. Holt, Adam M. Bossler, and Kathryn C. Seigfried-Spellar. 2015. Cybercrime and Digital Forensics: An Introduction. New York: Routledge. ISBN: 978-1138021303
2. Ethan Brown, “Web Development with Node and Express”, 2019, 2nd Edition, O'Reilly Media Inc
3. Frank Zammetti, “Modern Full-Stack Development: TypeScript, React, Node.js”, 2020, 1st Edition, Apress.
4. Ben Frain, “Responsive Web Design with HTML5 and CSS”, Packt Publishing, 4th Edition, 2020.
5. Shama Hoque, “Full-Stack React Projects: Modern Web Development Using React, Node.js, Express, and MongoDB”, Packt Publishing, 2nd Edition, 2020.

Mapping of COs with POs and PSOs

COs/ POs PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12 PSO1 PSO2
CO1 3 2 2 2 3 - - - - - - 2 3 2
CO2 3 3 2 2 3 - - - - - - 2 3 2
CO3 3 3 3 2 3 - - - - - - 2 3 3
CO4 3 3 3 3 3 - - - - - - 2 3 3
CO5 3 2 3 3 3 - - - - - - 2 3 3
Avg. 3 2.6 2.6 2.4 3 - - - - - - 2 3 2.6
1 - low, 2 - medium, 3 - high, ‘-' - no correlation

Category L T P C
23ITI551 WEB TECHNOLOGIES LABORATORY PCC 0 0 3 1.5
OBJECTIVES:
The Course will enable learners to:
• Develop understanding of the web architecture and web languages.
• Familiarize with web development tools and techniques.
• Illustrate web development environment and methodologies.
• Understand web security concepts and best practices.
• Gain expertise in performance optimization techniques for web applications.
List of Experiments:
1. Design a web page using HTML tags and host it in a GitHub repository.
2. Design an attractive webpage using style sheets.
3. Design a responsive website using Bootstrap.
4. Design and develop a simple interactive CGPA Calculator webpage using HTML, CSS, and JavaScript. The webpage should allow users to input their grades and credit hours for multiple subjects and calculate their CGPA dynamically.
5. Design a web application using HTTP Request and HTTP Response.
6. Develop a simple login page by performing event handling using GET and POST methods.
7. Design a simple calculator using modules in Node.js.
8. Design a webpage to maintain personal information using CRUD operations in MongoDB.
9. Suggested domains for Mini-project:
1. Bank Management System, 2. E-Ticketing system, 3. Online Course Registration system, 4. Passport Automation System.
TOTAL: 30 PERIODS
COURSE OUTCOMES:
Upon completion of the course, the students will be able to:
Course Outcome Description Blooms Taxonomy
CO1 Develop interactive and responsive web pages using HTML, CSS and Bootstrap Applying
CO2 Use JavaScript and JQuery to create dynamic web pages Applying
CO3 Formulate web applications that employ the MVC architecture and integrate Client and Server using the AJAX. Applying
CO4 Exhibit the working of server-side scripts and open-source databases Applying
CO5 Devise sophisticated full stack web applications by combining advanced web frameworks and technologies Applying

Mapping of COs with POs and PSOs

COs/ POs PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12 PSO1 PSO2
CO1 3 2 2 2 3 - - - - - - 2 3 2
CO2 3 3 2 2 3 - - - - - - 2 3 2
CO3 3 3 3 2 3 - - - - - - 2 3 3
CO4 3 3 3 3 3 - - - - - - 2 3 3
CO5 3 2 3 3 3 - - - - - - 2 3 3
Avg. 3 2.6 2.6 2.4 3 - - - - - - 2 3 2.6
1 - low, 2 - medium, 3 - high, ‘-' - no correlation

Category L T P C
23CB1502 CYBER CRIMES AND CYBER LAWS PCC 3 0 0 3
OBJECTIVES:
The Course will enable learners to:
• Define and describe the nature and scope of cybercrime
• Identify and evaluate the specific technology that facilitates cybercrime and digital law enforcement
• Develop knowledge of major incidents of cybercrime and their resulting impact
• Analyze and discuss national and global digital law enforcement efforts
• Understand Cybersecurity Policies and Ethical Considerations
UNIT - I CYBER CRIMES AND CYBER LAWS 9
Introduction to IT laws & Cyber Crimes – Internet, Hacking, Cracking, Viruses, Virus Attacks,
Pornography, Software Piracy, Intellectual property, Legal System of Information Technology, Social
Engineering, Mail Bombs, Bug Exploits, and Cyber Security etc
UNIT - II CYBER FORENSICS INVESTIGATION 9
Introduction to Cyber Forensic Investigation, Investigation Tools, eDiscovery, Digital Evidence
Collection, Evidence Preservation, E-Mail Investigation, E-Mail Tracking, IP Tracking, E-Mail
Recovery, Encryption and Decryption methods, Search and Seizure of Computers, Recovering deleted
evidences, Password Cracking
UNIT - III CYBER CRIMES & LEGAL FRAMEWORK 9
Cyber Crimes & Legal Framework: Cyber Crimes against Individuals, Institution and State, Hacking,
Digital Forgery, Cyber Stalking/Harassment, Cyber Pornography, Identity Theft & Fraud, Cyber
Terrorism, Cyber Defamation
UNIT - IV JURISDICTIONAL ASPECTS IN CYBER LAW 9
Jurisdictional Aspects in Cyber Law: Issues of jurisdiction in cyberspace, Types of jurisdictions, The
Test evolved: Minimum Contacts Theory, Sliding Scale Theory, Effects Test and International
targeting, Jurisdiction under IT Act, 2000
UNIT - V RIGHT TO PRIVACY AND DATA PROTECTION ON INTERNET 9
Right to Privacy and Data Protection on Internet: Concept of privacy, Threat to privacy on internet,
Self-regulation approach to privacy, Ingredients to decide confidentiality of information, Breach of
sensitive personal information and confidentiality under IT Act and penalties for the same. Right of
Interception under IT Act.
TOTAL: 45 PERIODS

COURSE OUTCOMES:
Upon completion of the course, the students will be able to:

Course Outcome Description Blooms Taxonomy
CO1 Critically consider specific laws and policies governing cybercrime detection and prosecution. Understand
CO2 Critically consider specific laws and policies governing cybercrime detection and prosecution Understand
CO3 Demonstrate awareness of global trends in cybercrime and the legal responses in various regions Understand
CO4 Evaluate the role of ethical hacking and cyber defense strategies in preventing cybercrime. Understand
CO5 Assess the impact of cybercrime on privacy rights, freedom of expression, and data protection regulations. Understand

TEXT BOOKS:
1. Information Technology Law and Practice - Cyber Laws and Laws Relating to E-Commerce, Dr. Vakul Sharma, Universal Law Publishing
2. Digital Forensic: The Fascinating World of Digital Evidences, Dr. Nilakshi Jain, Wiley
REFERENCES:
1. Thomas J. Holt, Adam M. Bossler, and Kathryn C. Seigfried-Spellar. 2015. Cybercrime and Digital Forensics: An Introduction. New York: Routledge. ISBN: 978-1138021303
2. Matthew Richardson, “Cyber Crime: Law and Practice”, Wildy, Simmonds & Hill Publishing, Second Edition, 2019.
3. Eoghan Casey, “Handbook of Digital Forensics and Investigation”, Academic Press, 2009.
4. Bill Nelson, Amelia Phillips, Christopher Steuart, “Guide to Computer Forensics and Investigations”, Cengage Learning, Fifth Edition, 2015.
5. Brian Craig, “Cyber Law: The Law of the Internet and Information Technology”, Pearson, First Edition, 2012.

Mapping of COs with POs and PSOs

COs/ POs PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12 PSO1 PSO2
CO1 3 2 2 1 2 2 1 2 - - - - 3 2
CO2 3 3 3 3 3 2 1 2 - - - - 3 3
CO3 3 3 3 3 3 2 1 2 2 1 - - 3 3
CO4 3 3 3 3 3 3 2 2 2 2 1 1 3 3
CO5 3 3 3 3 3 3 2 2 3 3 2 2 3 3
Avg. 3 2.8 2.8 2.6 2.8 2.4 1.4 2 2.2 2 1 1 3 2.8
1 - low, 2 - medium, 3 - high, ‘-' - no correlation

Category L T P C
23CB1601 FUNDAMENTALS OF ETHICAL HACKING PCC 3 0 0 3
OBJECTIVES:
The Course will enable learners to:
• Understand the basics of computer-based vulnerabilities.
• Explore different foot printing, reconnaissance and scanning methods.
• Expose the enumeration and vulnerability analysis methods.
• Understand hacking options available in Web and wireless applications.
• Explore the options for network protection.
• Practice tools to perform ethical hacking to expose the vulnerabilities.
UNIT I INTRODUCTION 6
Ethical Hacking Overview - Role of Security and Penetration Testers.- Penetration-Testing
Methodologies- Laws of the Land - Overview of TCP/IP- The Application Layer - The Transport Layer -
The Internet Layer - IP Addressing .- Network and Computer Attacks - Malware - Protecting Against
Malware Attacks.- Intruder Attacks - Addressing Physical Security.

UNIT II FOOT PRINTING, RECONNAISSANCE AND SCANNING NETWORKS 6
Footprinting Concepts - Footprinting through Search Engines, Web Services, Social Networking Sites,
Website, Email - Competitive Intelligence - Footprinting through Social Engineering - Footprinting Tools
- Network Scanning Concepts - Port-Scanning Tools - Scanning Techniques - Scanning Beyond IDS and
Firewall.
UNIT III ENUMERATION AND VULNERABILITY ANALYSIS 6
Enumeration Concepts - NetBIOS Enumeration – SNMP, LDAP, NTP, SMTP and DNS Enumeration -
Vulnerability Assessment Concepts - Desktop and Server OS Vulnerabilities - Windows OS
Vulnerabilities - Tools for Identifying Vulnerabilities in Windows- Linux OS Vulnerabilities-
Vulnerabilities of Embedded OSs.
UNIT IV SYSTEM HACKING 6
Hacking Web Servers - Web Application Components- Vulnerabilities - Tools for Web Attackers and
Security Testers - Hacking Wireless Networks - Components of a Wireless Network – Wardriving -
Wireless Hacking - Tools of the Trade.
UNIT V NETWORK PROTECTION SYSTEMS 6
Access Control Lists. - Cisco Adaptive Security Appliance Firewall - Configuration and Risk Analysis
Tools for Firewalls and Routers - Intrusion Detection and Prevention Systems - Network- Based and Host-
Based IDSs and IPSs - Web Filtering - Security Incident Response Teams – Honeypots.

TOTAL: 30 PERIODS
COURSE OUTCOMES:
Upon completion of the course, the students will be able to:

Course Outcome Description Blooms Taxonomy
CO1 Knowledge on basics of computer-based vulnerabilities have to be expressed Understanding
CO2 Understanding on different foot printing, reconnaissance and scanning methods. Understanding
CO3 Demonstrating the enumeration and vulnerability analysis methods Applying
CO4 Knowledge on hacking options available in Web and wireless applications has to be gained. Applying
CO5 Knowledge on the options for network protection has to be gained and the use of tools to perform ethical hacking to expose the vulnerabilities Applying
TEXT BOOKS:
1. Michael T. Simpson, Kent Backman, and James E. Corley, Hands-On Ethical Hacking and Network Defense, Course Technology, Delmar Cengage Learning, 2010.
2. The Basics of Hacking and Penetration Testing - Patrick Engebretson, SYNGRESS, Elsevier, 2013.
3. The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, Dafydd Stuttard and Marcus Pinto, 2011.
REFERENCES:
1. Black Hat Python: Python Programming for Hackers and Pentesters, Justin Seitz, 2014.
2. CEH v9 Certified Ethical Hacker Version 9 (https://github.com/Yadav97/cyberSecurity/blob/master/CEH%20v9%20Certified%20Ethical%20Hacker%20Version%209.pdf)
3. CEH v10 Certified Ethical Hacker Version 1
4. CEH v11 Certified Ethical Hacker Version 11
VIDEO LINKS:
1. https://youtu.be/t8nwQ6At0CU
2. https://www.google.com/search?q=nptel+vedio+links+for+ethical+hacking&rlz=1C1CHBD_enIN875IN875&oq=nptel+vedio+links+for+ethical+hacking&aqs=chrome..69i57j33i10i160l2.26504j0j7&sourceid=chrome&ie=UTF-8#fpstate=ive&vld=cid:e056b85d,vid:a1xQq60EtJc

Mapping of COs with POs and PSOs

COs/ POs PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12 PSO1 PSO2
CO1 2 2 3 2 1 - - - 1 2 2 1 1 2
CO2 1 2 1 2 1 - - - 2 2 1 1 1 2
CO3 2 2 3 3 1 - - - 1 2 1 2 2 3
CO4 2 1 1 2 1 - - - 1 3 3 3 3 2
CO5 2 3 1 1 2 - - - 2 1 1 1 1 1
Avg. 1.8 2 1.8 2 1.2 - - - 1.4 2 1.6 1.6 2 2
1 - low, 2 - medium, 3 - high, ‘-' - no correlation

Category L T P C
23CB1621 FUNDAMENTALS OF ETHICAL HACKING LABORATORY PCC 0 0 3 1.5
OBJECTIVES:
The Course will enable learners to:
• Understand the basics of computer-based vulnerabilities.
• Explore different foot printing, reconnaissance and scanning methods.
• Expose the enumeration and vulnerability analysis methods.
• Understand hacking options available in Web and wireless applications.
• Explore the options for network protection
• Practice tools to perform ethical hacking to expose the vulnerabilities
List of Experiments:
1. Install Kali or Backtrack Linux / Metasploitable/ Windows XP
2. Practice the basics of reconnaissance.
3. Using FOCA / SearchDiggity tools, extract metadata and expand the target list.
4. Aggregate information from public databases using online free tools like Paterva’s Maltego.
5. Information gathering using tools like Robtex
6. Scan the target using tools like Nessus
7. View and capture network traffic using Wireshark – 147
8. Automate dig for vulnerabilities and match exploits using Armitage FOCA
TOTAL: 30 PERIODS
COURSE OUTCOMES:
Upon completion of the course, the students will be able to:
Course Outcome Description Blooms Taxonomy
CO1 Knowledge on basics of computer-based vulnerabilities have to be expressed Understanding
CO2 Understanding on different foot printing, reconnaissance and scanning methods. Understanding
CO3 Demonstrating the enumeration and vulnerability analysis methods Applying
CO4 Knowledge on hacking options available in Web and wireless applications has to be gained. Applying
CO5 Knowledge on the options for network protection has to be gained and the use of tools to perform ethical hacking to expose the vulnerabilities Applying

Mapping of COs with POs and PSOs

COs/ POs PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12 PSO1 PSO2
CO1 2 2 3 2 1 - - - 1 2 2 1 1 2
CO2 1 2 1 2 1 - - - 2 2 1 1 1 2
CO3 2 2 3 3 1 - - - 1 2 1 2 2 3
CO4 2 1 1 2 1 - - - 1 3 3 3 3 2
CO5 2 3 1 1 2 - - - 2 1 1 1 1 1
Avg. 1.8 2 1.8 2 1.2 - - - 1.4 2 1.6 1.6 2 2
1 - low, 2 - medium, 3 - high, ‘-' - no correlation

Category L T P C
23CB1602 ENGINEERING SECURE SOFTWARE SYSTEMS PCC 2 0 2 3
OBJECTIVES:
The Course will enable learners to:
• Understand the software development process, agile methodologies, and their impact on modern software development.
• Explore software testing strategies and techniques for ensuring software quality and reliability.
• Analyze software security threats, vulnerabilities, and low-level attacks in software systems.
• Study secure software design principles, risk management, and security best practices.
• Learn security testing techniques, penetration testing, and secure project management frameworks.
UNIT I SOFTWARE DEVELOPMENT PROCESS & AGILE METHODOLOGIES 6
Introduction Software Process & Models - Overview of Software Process & Process Structure - Software
Development Models: Waterfall Model, Incremental Model, Evolutionary Model - Requirement
Engineering & Requirement Elicitation - Basic Requirement Modeling Techniques - Introduction to
Software Design Concepts - Agile Principles & Scrum Framework - Agile Values & 12 Agile Principles
- Introduction to Scrum & Self-Organizing Teams.
UNIT II SOFTWARE TESTING STRATEGIES & TECHNIQUES 6
Fundamentals of Software Testing: Importance of Software Testing - Software Testing Life Cycle
(STLC) - Validation & System Testing - Debugging Techniques - Testing Strategies & Approaches:
White Box Testing: Basis Path Testing, Control Structure Testing - Black Box Testing: Functional
Testing, Equivalence Partitioning, Boundary Value Analysis - Test Strategies for Conventional & Object-
Oriented Software
UNIT III SOFTWARE SECURITY & LOW-LEVEL ATTACKS 6
Introduction to Software Security - Software Assurance and Software Security - Threats to Software
Security - Sources of Software Insecurity - Benefits of Detecting Software Security Issues - Memory-
Based Attacks: Low-Level Attacks Against Heap and Stack - Defense Mechanisms Against Memory-
Based Attacks
UNIT IV SECURE SOFTWARE DESIGN & RISK MANAGEMENT 6
Secure Software Design: Requirements Engineering for Secure Software - SQUARE Process Model -
Requirements Elicitation and Prioritization - Risk Management: Risk Management Life Cycle - Risk
Evaluation and Mitigation - Threat and Vulnerability Management

UNIT V SECURITY TESTING & PROJECT MANAGEMENT 6


Security Testing: Secure Software Development Life Cycle (SSDLC) - Risk-Based Security Testing and
Prioritizing Security Testing with Threat Modeling - Penetration Testing: Planning, Scoping,
Enumeration, Exploitation - Secure Project Management: Governance and Security - Enterprise Software
Security Frameworks - Security Integration in Project Management
TOTAL: 30 PERIODS

COURSE OUTCOMES:
Upon completion of the course, the students will be able to:

Course Outcome Description Blooms Taxonomy
CO1 Understand and apply different software development models and agile methodologies to software engineering projects. Understanding
CO2 Demonstrate knowledge of software testing strategies and techniques, including white-box and black-box testing, for quality assurance. Understanding
CO3 Analyze software security threats and low-level attacks such as memory-based vulnerabilities, and explore defense mechanisms. Analyzing
CO4 Implement secure software design principles and risk management strategies to enhance software security Applying
CO5 Conduct security testing, including penetration testing and risk-based security evaluation, and integrate security practices in project management. Applying
TEXT BOOKS:
1. Roger S. Pressman & Bruce R. Maxim, "Software Engineering: A Practitioner's Approach", 8th Edition, McGraw-Hill Education, 2019.
2. Julia H. Allen, “Software Security Engineering”, Pearson Education, 2008
REFERENCES:
1. Andrew Stellman and Jennifer Greene, “Learning Agile: Understanding Scrum, XP, Lean, and Kanban”, First Edition, O’Reilly
2. Ian Sommerville, “Software Engineering”, 10th Edition, Pearson Education, 2014
3. Evan Wheeler, “Security Risk Management: Building an Information Security Risk Management Program from the Ground Up”, First edition, Syngress Publishing, 2011
4. Chris Wysopal, Lucas Nelson, Dino Dai Zovi, and Elfriede Dustin, “The Art of Software Security Testing: Identifying Software Security Flaws (Symantec Press)”, Addison-Wesley Professional, 2006
5. Robert C. Seacord, “Secure Coding in C and C++ (SEI Series in Software Engineering)”, Addison-Wesley Professional, 2005.

Mapping of COs with POs and PSOs

COs/ POs PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12 PSO1 PSO2
CO1 3 2 2 2 3 1 - - - 2 2 2 3 2
CO2 3 2 2 3 3 2 - - - 2 3 2 3 3
CO3 3 3 3 3 3 3 - 2 2 3 3 3 3 3
CO4 3 3 3 3 3 3 - 2 2 3 3 3 3 3
CO5 3 3 3 3 3 3 - 3 2 3 3 3 3 3
Avg. 3 2.6 2.6 2.8 3 2.4 - 2.3 2 2.6 2.8 2.6 3 2.8
1 - low, 2 - medium, 3 - high, ‘-' - no correlation

Category L T P C
23CB1622 ENGINEERING SECURE SOFTWARE SYSTEMS LABORATORY PCC 0 0 3 1.5
OBJECTIVES:
The Course will enable learners to:
• Understand the importance of requirements management and UML modeling tools in software development.
• Analyze and demonstrate web security vulnerabilities, including SQL Injection, Buffer Overflow, and Cross-Site Scripting (XSS).
• Explore penetration testing techniques using Kali Linux and other security tools to identify system vulnerabilities.
• Implement secure coding practices by developing and testing security-focused test cases.
• Apply ethical hacking principles to assess and improve software security.
List of Experiments:
1. Study of the requirements management tool (e.g. RequisitePro) and create a requirements document for a given application scenario.
2. Study of UML diagramming tool (e.g. ArgoUML) and create UML models for a given application scenario.
3. Implement the SQL injection attack.
4. Implement the Buffer Overflow attack.
5. Implement Cross Site Scripting and Prevent XSS.
6. Perform Penetration testing on a web application to gather information about the system, then initiate XSS and SQL injection attacks using tools like Kali Linux.
7. Develop and test the secure test cases
8. Penetration test using Kali Linux
TOTAL: 30 PERIODS
COURSE OUTCOMES:
Upon completion of the course, the students will be able to:
Course Outcome Description Blooms Taxonomy
CO1 Apply requirements management and UML modeling tools to document and design software applications. Applying
CO2 Analyze and demonstrate SQL Injection, Buffer Overflow, and Cross-Site Scripting (XSS) attacks. Analyzing
CO3 Evaluate security vulnerabilities in web applications through penetration testing using Kali Linux. Evaluating
CO4 Develop secure test cases to mitigate software security threats and improve system reliability. Creating
CO5 Implement security mechanisms and ethical hacking techniques to enhance software security. Applying

Mapping of COs with POs and PSOs

COs/ POs PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12 PSO1 PSO2
CO1 3 2 2 2 3 1 - - - 2 2 2 3 2
CO2 3 3 3 3 3 2 - 2 - 2 3 2 3 3
CO3 3 3 3 3 3 3 - 3 2 3 3 3 3 3
CO4 3 3 3 3 3 3 - 2 2 3 3 3 3 3
CO5 3 3 3 3 3 3 - 2 2 3 3 3 3 3
Avg. 3 2.8 2.8 2.8 3 2.4 - 2.2 2 2.6 2.8 2.8 3 2.8
1 - low, 2 - medium, 3 - high, ‘-' - no correlation
