Core Module Information
Module title: Secure Software Development

SCQF level: 10:
SCQF credit value: 20.00
ECTS credit value: 10

Module code: SET10113
Module leader: Ashkan Sami
School School of Computing, Engineering and the Built Environment
Subject area group: Computer Science
Prerequisites

Requisites: AND Pre-requisite: Experience in object-oriented high-level programming language. AND AND Pre-requisite: [Module CSN08114] Scripting for Cybersecurity and Networks AND Pre-requisite: [Module SET08119] Object Oriented Software Development

Description of module content:

The aim of this module is to teach the theory and practice of secure software development in the context of languages and in web-based solutions (e.g. JavaScript and online data sources). As such the module will cover both managed software development and web-based software development, and how we can integrate security throughout the Software Development Lifecycle (SDLC). An indicative list of the topics includes:Secure software – The SDLC and security, security architectures, legacy systemsWeb Technologies – including overview, Server configuration, HTTP, Web services, Authentication mechanisms, Session managementSoftware vulnerabilities – including OWASP Top 10, common coding errorsWeb application security – including XXS, CSRF, Authentication bypass, XXEDatabase Security – SQLiServer-side and Client-side Security – including preventing client and server attacksData validation – including input validation, encoding, parameterised queriesEncryption - including certificates, and Architectures such as JCASecurity Testing Source Code Review – including Code Analysis Tools

Learning Outcomes for module:

Upon completion of this module you will be able to

LO1: Construct a software system using web technologies to meet secure software requirements.

LO2: Construct a software system in a programming language to meet secure software requirements.

LO3: Critically reflect on secure software requirements.

LO4: Integrate secure software practices into a software development lifecycle.

LO5: Evaluate software systems through a formal process to examine its security capabilities.

Full Details of Teaching and Assessment
2024/5, Trimester 2, In Person,
VIEW FULL DETAILS
Occurrence: 001
Primary mode of delivery: In Person
Location of delivery: MERCHISTON
Partner:
Member of staff responsible for delivering module: Ashkan Sami
Module Organiser:


Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activityLearning & Teaching ActivityNESH (Study Hours)NESH Description
Face To Face Lecture 20 LECTURE- The lectures cover web and application development, secure design principles, CWEs, CVEs and standards of secure coding and application development each lasting for 2 hours.
Face To Face Practical classes and workshops 20 The practical sessions provide hands-on learning experiences for students, allowing them to perform various activities related to secure software development. These include running their vulnerable code and securing it while testing experiments in a safe environment, which is set up to run on ENU servers or their own machines.
Online Guided independent study 160 A learning approach where students take responsibility for their own learning process, with support and direction from academics through tutorials and research assessments. This method combines the independence of self-directed study with the guidance of a structured framework provided by academic staff.
Total Study Hours200
Expected Total Study Hours for Module200


Assessment
Type of Assessment Weighting % LOs covered Week due Length in Hours/Words Description
Project - Practical 30 1~2 Week 8 HOURS= Max 7 pages. Project - PracticalCoursework 1 is designed to focuses on foundational LO1 and LO2, specifically the knowledge of secure coding and building secure software or web applications. In addition, students also present their plan for CW 2, allowing them to receive early feedback on their intended approach.
Project - Practical 70 1~2~3~4~5 Week 13 HOURS= Max 13 pages Coursework 2 involves a more comprehensive presentation of secure software development practices. Building on the foundations of CW 1, students introduce and assess new security flaws, discuss the implications of these, demonstrate the full SDLC life cycle and finally mitigate them also. They are expected to conduct research on the topic, critically evaluate their work, and present an extensive analysis of the secure system they are presenting. Thus, CW 2 is a comprehensive, research-informed approach to secure system design, development, and formal assessment. Assessment will be based on report and demonstration.
Component 1 subtotal: 100
Component 2 subtotal: 0
Module subtotal: 100

Indicative References and Reading List - URL:
Contact your module leader