Requisites: OR Pre-requisite: CSN08414 and SET08401 AND AND Pre-requisite: Experience in object-oriented high-level programming language, and Web-based programming languages. AND Pre-requisite: [Module SET08408] Object Oriented Software Development

The aim of this module is to teach the theory and practice of secure software development in the context of managed languages (e.g. Java and C#) and in web-based solutions (e.g. JavaScript and online data sources). As such the module will cover both managed software development and web-based software development, and how we can integrate security throughout the Software Development Lifecycle (SDLC). An indicative list of the topics includes:• Common Web vulnerabilities (e.g. XSS, CSRF, SQL Injection) and the corresponding countermeasures.• Log management & intrusion detection mechanisms.• Securing data at rest and in transit.• Authentication and session management.• JSON Web Tokens.• Race condition and safe-IO.• Secure SDLC and security testing.

Upon completion of this module you will be able to

LO1: Construct a software system in a managed programming language to meet secure software requirements.

LO2: Construct a software system using web technologies to meet secure software requirements.

LO3: Evaluate software systems through a formal process to examine its security capabilities.

LO4: Integrate secure software practices into a software development lifecycle.

LO5: Critically reflect on secure software requirements.