Module title: Secure Software Development


SCQF level: 10:
SCQF credit value: 20.00
ECTS credit value: 10

Module code: SET10113
Module leader: Zakwan Jaroucheh
School School of Computing
Subject area group: Software Engineering
Prerequisites

Module Code SET08119 or CSN08114
Module Title Object-oriented Software Development or Scripting for Cybersecurity and Networks
Examples of Equivalent Learning Experience in object-oriented high-level programming language.

2019/0, Trimester 2, FACE-TO-FACE,
Occurrence: 001
Primary mode of delivery: FACE-TO-FACE
Location of delivery: MERCHISTON
Partner:
Member of staff responsible for delivering module: Zakwan Jaroucheh
Module Organiser:


Learning, Teaching and Assessment (LTA) Approach:
A core lecture series will introduce concepts, theories, and practices in secure software design. Lectures will include demos of techniques and seminar style workshops as appropriate to the topic being covered. This will allow the students to engage with the core material in a deeper and more active manner. (LO1, LO2, LO4, LO5).

The practical sessions will be a series of hands-on labs which will prepare students for the coursework and to practice the ideas put forward in the exams. The aim is that students build software systems and analyse them against the security requirements defined (LO1 – LO4).


Formative Assessment:
To support formative feedback, the Software Engineering subject group utilise a lab-based teaching approach across their provision. During these lab sessions, staff will discuss and evaluate student progress and provide feedback on how well they are progressing with their work. All modules in the subject group also require students to demonstrate their coursework on submission to provide further formative feedback on how the work could be improved.

Summative Assessment:
Summative assessment takes place via an exam (LOs 3-5) and a coursework (LOs 1-4). The coursework will require students to demonstrate both practical and theoretical concepts of secure software development. This will include the delivery of a software solution, demonstration and explanation of the code produced, and the writing of a supporting report. The practical classes are designed to support this.

Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activityLearning & Teaching ActivityNESH (Study Hours)
Face To Face Lecture 24
Face To Face Practical classes and workshops 48
Face To Face Centrally Time Tabled Examination 2
Independent Learning Guided independent study 126
Total Study Hours200
Expected Total Study Hours for Module200


Assessment
Type of Assessment Weighting % LOs covered Week due Length in Hours/Words
Project - Practical 60 1-4 13 HOURS= 60, WORDS= 0
Centrally Time Tabled Examination 40 3-5 14/15 HOURS= 2, WORDS= 0
Component 1 subtotal: 60
Component 2 subtotal: 40
Module subtotal: 100

Description of module content:

The aim of this module is to teach the theory and practice of secure software development in the context of managed languages (e.g. Java and C#) and in web-based solutions (e.g. JavaScript and online data sources). As such the module will cover both managed software development and web-based software development, and how we can integrate security throughout the Software Development Lifecycle (SDLC). An indicative list of the topics includes:

Secure software – The SDLC and security, security architectures, legacy systems
Web Technologies – including overview, Server configuration, HTTP, Web services, Authentication mechanisms, Session management
Software vulnerabilities – including OWASP Top 10, common coding errors
Web application security – including XXS, CSRF, Authentication bypass, XXE
Database Security – SQLi
Server-side and Client-side Security – including preventing client and server attacks
Data validation – including input validation, encoding, parameterised queries
Encryption - including certificates, and Architectures such as JCA
Security Testing
Source Code Review – including Code Analysis Tools

Learning Outcomes for module:

Upon completion of this module you will be able to
LO1: Construct a software system in a managed programming language to meet secure software requirements.
LO2: Construct a software system using web technologies to meet secure software requirements.
LO3: Evaluate software systems through a formal process to examine its security capabilities.
LO4: Integrate secure software practices into a software development lifecycle.
LO5: Critically reflect on secure software requirements.

Indicative References and Reading List - URL:

Please contact your Module Leader for details
Click here to view the LibrarySearch.