Core Module Information
Module title: Secure Software Development

SCQF level: 10
SCQF credit value: 20.00
ECTS credit value: 10

Module code: SET10713
Module leader: Zakwan Jaroucheh
School: School of Computing, Engineering and the Built Environment
Subject area group: Computer Science

Module Code: SET08701 / SET08702
Module Title: C++ Programming / Web Technologies
Examples of Equivalent Learning: Experience in object-oriented high-level programming language and web-based programming languages and frameworks

Description of module content:

12. Module Content
The aim of this module is to teach the theory and practice of secure software development in the context of managed languages (e.g. Java and C#) and in web-based solutions (e.g. JavaScript and online data sources). As such, the module will cover both managed software development and web-based software development, and how we can integrate security throughout the Software Development Lifecycle (SDLC). An indicative list of the topics includes:

Secure software – The SDLC and security, security architectures, legacy systems
Web Technologies – including overview, Server configuration, HTTP, Web services, Authentication mechanisms, Session management
Software vulnerabilities – including OWASP Top 10, common coding errors
Web application security – including XSS, CSRF, Authentication bypass, XXE
Database Security – SQLi
Server-side and Client-side Security – including preventing client and server attacks

Data validation – including input validation, encoding, parameterised queries
Encryption – including certificates, and Architectures such as JCA
Security Testing
Source Code Review – including Code Analysis Tools

Learning Outcomes for module:

Upon completion of this module you will be able to
LO1: Construct a software system in a managed programming language to meet secure software requirements.
LO2: Construct a software system using web technologies to meet secure software requirements.
LO3: Evaluate software systems through a formal process to examine its security capabilities.
LO4: Integrate secure software practices into a software development lifecycle.
LO5: Critically reflect on secure software requirements.

Full Details of Teaching and Assessment
2022/3, Trimester 2, FACE-TO-FACE
Occurrence: 001
Primary mode of delivery: FACE-TO-FACE
Location of delivery: UK PARTNER
Member of staff responsible for delivering module: Zakwan Jaroucheh
Module Organiser:

Learning, Teaching and Assessment (LTA) Approach:
The delivery is flexible, with a number of face-to-face workshops, running within a UK Higher Apprenticeship scheme. Apprentices will have to work in their own time for the majority of the module, supported via distance learning techniques. Face-to-face workshops give apprentices time to discuss material in a group, engage in group learning activities and review independent learning activities. The core delivery will introduce concepts, theories, and practices in secure software design. Lecture-style presentations will include demos of techniques and seminar-style workshops as appropriate to the topic being covered. This will allow the students to engage with the core material in a deeper and more active manner. (LO1, LO2, LO4, LO5).

The practical sessions will be a series of hands-on labs which will prepare students for the coursework and to practice the ideas put forward in the exams. The aim is that students build software systems and analyse them against the security requirements defined (LO1 – LO4).

Formative Assessment:
To support formative feedback, the Software Engineering subject group utilise a lab-based teaching approach across their provision, supported by flexible learning techniques and backed up by workshop events. Using a number of face-to-face and remote support techniques, staff will discuss and evaluate student progress and provide feedback on how well they are progressing with their work. All modules in the subject group also require students to demonstrate their coursework on submission to provide further formative feedback on how the work could be improved.

Summative Assessment:
Summative assessment takes place via an exam (LOs 3-5) and a coursework (LOs 1-4), both of which occur at the end of the module. The coursework will require students to demonstrate both practical and theoretical concepts of secure software development. This will include the delivery of a software solution, demonstration and explanation of the code produced, and the writing of a supporting report. The practical classes are designed to support this.

Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activity | Learning & Teaching Activity | NESH (Study Hours)
Face To Face | Practical classes and workshops | 18
Face To Face | Supervised time in studio/workshop | 2
Independent Learning | Guided independent study | 180
Total Study Hours: 200
Expected Total Study Hours for Module: 200

Type of Assessment | Weighting % | LOs covered | Week due | Length in Hours/Words
Project - Practical | 60 | 1-4 | 4 | HOURS= 60, WORDS= 0
Class Test | 40 | 3,5 | 4 | HOURS= 2, WORDS= 0
Component 1 subtotal: 100
Component 2 subtotal: 0
Module subtotal: 100

Indicative References and Reading List - URL:
Contact your module leader