Core Module Information
Module title: Secure Software Development

SCQF level: 10:
SCQF credit value: 20.00
ECTS credit value: 10

Module code: SET10113
Module leader: Ashkan Sami
School School of Computing, Engineering and the Built Environment
Subject area group: Computer Science

Requisites: AND Pre-requisite: Experience in object-oriented high-level programming language. AND AND Pre-requisite: [Module CSN08114] Scripting for Cybersecurity and Networks AND Pre-requisite: [Module SET08119] Object Oriented Software Development

Description of module content:

The aim of this module is to teach the theory and practice of secure software development in the context of managed languages (e.g. Java and C#) and in web-based solutions (e.g. JavaScript and online data sources). As such the module will cover both managed software development and web-based software development, and how we can integrate security throughout the Software Development Lifecycle (SDLC). An indicative list of the topics includes:Secure software – The SDLC and security, security architectures, legacy systemsWeb Technologies – including overview, Server configuration, HTTP, Web services, Authentication mechanisms, Session managementSoftware vulnerabilities – including OWASP Top 10, common coding errorsWeb application security – including XXS, CSRF, Authentication bypass, XXEDatabase Security – SQLiServer-side and Client-side Security – including preventing client and server attacksData validation – including input validation, encoding, parameterised queriesEncryption - including certificates, and Architectures such as JCASecurity Testing Source Code Review – including Code Analysis Tools

Learning Outcomes for module:

Upon completion of this module you will be able to

LO1: Construct a software system in a managed programming language to meet secure software requirements.

LO2: Construct a software system using web technologies to meet secure software requirements.

LO3: Evaluate software systems through a formal process to examine its security capabilities.

LO4: Integrate secure software practices into a software development lifecycle.

LO5: Critically reflect on secure software requirements.

Full Details of Teaching and Assessment
2023/4, Trimester 2, In Person,
Occurrence: 001
Primary mode of delivery: In Person
Location of delivery: MERCHISTON
Member of staff responsible for delivering module: Zakwan Jaroucheh
Module Organiser:

Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activityLearning & Teaching ActivityNESH (Study Hours)
Face To Face Lecture 24
Face To Face Practical classes and workshops 48
Face To Face Centrally Time Tabled Examination 2
Online Guided independent study 126
Total Study Hours200
Expected Total Study Hours for Module200

Type of Assessment Weighting % LOs covered Week due Length in Hours/Words
Centrally Time Tabled Examination 40 3~4~5 Exam Period HOURS= 2
Project - Practical 60 1~2~3~4 Week 13 HOURS= 60
Component 1 subtotal: 60
Component 2 subtotal: 40
Module subtotal: 100

Indicative References and Reading List - URL:
Contact your module leader