Module title: Secure Software Development

SCQF level: 10
SCQF credit value: 20.00
ECTS credit value: 10

Module code: SET10613
Module leader: Zakwan Jaroucheh
School: School of Computing
Subject area group: Software Engineering
Prerequisites:

Module Code: SET09603
Module Title: Advanced Web Development
Examples of Equivalent Learning: Experience in object-oriented high-level programming language and web-based programming languages and frameworks.

2019/0, Trimester 1, FACE-TO-FACE,
Occurrence: 002
Primary mode of delivery: FACE-TO-FACE
Location of delivery: MYANMAR
Partner:
Member of staff responsible for delivering module: Zakwan Jaroucheh
Module Organiser:


Learning, Teaching and Assessment (LTA) Approach:
The module will be introduced by an Edinburgh Napier lecturer who will deliver an initial 25 hours of lectures, practical work and
tutorials. The additional hours will be delivered by our partner Info Myanmar College (IMC). The module will run over 5
consecutive weeks with the later four weeks being delivered by IMC staff. Lectures are used to introduce underlying principles
and the practical and tutorial work is used to broaden & develop deeper understanding of the subject area. This is mixed with
student-centred work, such as research questions and online exercises, as well as group activities such as discussion groups,
group presentation exercises, and peer review.
A core lecture series will introduce concepts, theories, and practices in secure software design. Lectures will include demos of
techniques and seminar style workshops as appropriate to the topic being covered. This will allow the students to engage with
the core material in a deeper and more active manner. (LO1, LO2, LO4, LO5).
The practical sessions will be a series of hands-on labs which will prepare students for the coursework and to practice the
ideas put forward in the exams. The aim is that students build software systems and analyse them against the security
requirements defined (LO1 – LO4).
As the module is delivered in a block over 5 consecutive weeks, standard Academic Calendar weeks and trimesters are not
applicable for the tables below.


Formative Assessment:
To support formative feedback, the Software Engineering subject group utilise a lab based teaching approach across their
provision. During these lab sessions, ENU and IMC staff will discuss and evaluate student progress and provide feedback on
how well they are progressing with their work. All modules in the subject group also require students to demonstrate their
coursework on submission to provide further formative feedback on how the work could be improved.


Summative Assessment:
Summative assessment takes place via an exam (LOs 3-5) and a coursework (LOs 1-4). The coursework will require students
to demonstrate both practical and theoretical concepts of secure software development. This will include the delivery of a
software solution, demonstration and explanation of the code produced, and the writing of a supporting report. The practical
classes are designed to support this.


Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activity       Learning & Teaching Activity         NESH (Study Hours)
Face To Face           Lecture                              24
Face To Face           Practical classes and workshops      48
Independent Learning   Guided independent study             66
Face To Face           Supervised time in studio/workshop   62
Total Study Hours: 200
Expected Total Study Hours for Module: 200


Assessment
Type of Assessment    Weighting %   LOs covered   Week due   Length in Hours/Words
Project - Practical   60            1-4           1          HOURS= 60, WORDS= 0
Class Test            40            3-5           1          HOURS= 2, WORDS= 0
Component 1 subtotal: 100
Component 2 subtotal: 0
Module subtotal: 100
2019/0, Trimester 2, FACE-TO-FACE,
Occurrence: 001
Primary mode of delivery: FACE-TO-FACE
Location of delivery: MYANMAR
Partner:
Member of staff responsible for delivering module: Zakwan Jaroucheh
Module Organiser:


Learning, Teaching and Assessment (LTA) Approach:
The module will be introduced by an Edinburgh Napier lecturer who will deliver an initial 25 hours of lectures, practical work and
tutorials. The additional hours will be delivered by our partner Info Myanmar College (IMC). The module will run over 5
consecutive weeks with the later four weeks being delivered by IMC staff. Lectures are used to introduce underlying principles
and the practical and tutorial work is used to broaden & develop deeper understanding of the subject area. This is mixed with
student-centred work, such as research questions and online exercises, as well as group activities such as discussion groups,
group presentation exercises, and peer review.
A core lecture series will introduce concepts, theories, and practices in secure software design. Lectures will include demos of
techniques and seminar style workshops as appropriate to the topic being covered. This will allow the students to engage with
the core material in a deeper and more active manner. (LO1, LO2, LO4, LO5).
The practical sessions will be a series of hands-on labs which will prepare students for the coursework and to practice the
ideas put forward in the exams. The aim is that students build software systems and analyse them against the security
requirements defined (LO1 – LO4).
As the module is delivered in a block over 5 consecutive weeks, standard Academic Calendar weeks and trimesters are not
applicable for the tables below.


Formative Assessment:
To support formative feedback, the Software Engineering subject group utilise a lab based teaching approach across their
provision. During these lab sessions, ENU and IMC staff will discuss and evaluate student progress and provide feedback on
how well they are progressing with their work. All modules in the subject group also require students to demonstrate their
coursework on submission to provide further formative feedback on how the work could be improved.


Summative Assessment:
Summative assessment takes place via an exam (LOs 3-5) and a coursework (LOs 1-4). The coursework will require students
to demonstrate both practical and theoretical concepts of secure software development. This will include the delivery of a
software solution, demonstration and explanation of the code produced, and the writing of a supporting report. The practical
classes are designed to support this.


Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activity       Learning & Teaching Activity         NESH (Study Hours)
Face To Face           Lecture                              24
Face To Face           Practical classes and workshops      48
Independent Learning   Guided independent study             66
Face To Face           Supervised time in studio/workshop   62
Total Study Hours: 200
Expected Total Study Hours for Module: 200


Assessment
Type of Assessment    Weighting %   LOs covered   Week due   Length in Hours/Words
Project - Practical   60            1-4           1          HOURS= 60, WORDS= 0
Class Test            40            3-5           1          HOURS= 2, WORDS= 0
Component 1 subtotal: 100
Component 2 subtotal: 0
Module subtotal: 100

Description of module content:

12. Module Content
The aim of this module is to teach the theory and practice of secure software development in the context of managed languages (e.g. Java and C#) and in web-based solutions (e.g. JavaScript and online data sources). As such, the module will cover both managed software development and web-based software development, and how we can integrate security throughout the Software Development Lifecycle (SDLC). An indicative list of the topics includes:

Secure software – The SDLC and security, security architectures, legacy systems
Web Technologies – including overview, Server configuration, HTTP, Web services, Authentication mechanisms, Session management
Software vulnerabilities – including OWASP Top 10, common coding errors
Web application security – including XSS, CSRF, Authentication bypass, XXE
Database Security – SQLi
Server-side and Client-side Security – including preventing client and server attacks
Data validation – including input validation, encoding, parameterised queries
Encryption – including certificates, and Architectures such as JCA
Security Testing
Source Code Review – including Code Analysis Tools

Learning Outcomes for module:

Upon completion of this module you will be able to
LO1: Construct a software system in a managed programming language to meet secure software requirements.
LO2: Construct a software system using web technologies to meet secure software requirements.
LO3: Evaluate software systems through a formal process to examine its security capabilities.
LO4: Integrate secure software practices into a software development lifecycle.
LO5: Critically reflect on secure software requirements.

Indicative References and Reading List - URL:
Contact your module leader