SECURE SOFTWARE DEVELOPMENT

SHE Level 4
SCQF Credit Points 20.00
ECTS Credit Points 10.00
Module Code MHI325642
Module Leader n/a
School School of Computing, Engineering and Built Environment
Subject Cyber Security and Networks
Trimester
  • B (January start)

Pre-Requisite Knowledge

Programming 2, Database Development, Fundamentals Software Engineering or equivalent

Summary of Content

Poor software design is at the core of many software vulnerabilities. This module equips students with deep knowledge and understanding of the risk to information security and the principles and skills of building secure software systems. Security is considered throughout the software development life cycle. Students examine the technologies that underpin software security and develop advanced skills in testing software for vulnerabilities and applying secure programming techniques.

Syllabus

Secure Software Design Principles: securing the weakest link, defense in depth, diversity in defense, failing securely, least privilege, economy of mechanism, complete mediation, open design, separation of privilege, least common mechanism, psychological acceptability, fail-safe defaults.

Security objectives including authentication, authorization, access control, data integrity and non-repudiation.

Fundamentals of cryptography: symmetrical and asymmetrical encryption, e.g. key exchange protocols, public key infrastructure (PKI) systems, digital signatures, Transport Layer Security, secure hash algorithms, and appropriate modern techniques.

Secure Software Development Lifecycle: secure software requirements, secure software design, secure programming principles, security testing and secure deployment.

Secure Programming Practices: input validation, output encoding, authentication and password management, session management, access control, cryptographic practices, error handling and logging, data protection, communication security, system configuration, database security, file management, memory management.

The use of off-the-shelf tools to analyse and secure software.

Learning Outcomes

On completion of this module students should be able to:

1 - Demonstrate a detailed understanding of security design principles.
2 - Critically appraise the security objectives for the development of software solutions.
3 - Critically evaluate the technologies that underpin software security.
4 - Apply secure programming practices and the secure software development lifecycle in the implementation of a software solution.

Teaching / Learning Strategy

The Learning and Teaching Strategy is informed by the University's Strategy for Learning. The contents of this module are introduced in lectures. These are supported by practical exercises in laboratory sessions. Tutorials are used to help explain and elaborate on both the lecture material and the laboratory exercises. All lecture, laboratory and tutorial material will be made available on GCU Learn and links will be provided to appropriate external material such as research papers, podcasts, MOOCs, videos and literature. During all lab and tutorial sessions students will receive formative feedback on their performance in undertaking the laboratory and tutorial exercises. Summative feedback and marks will be provided for the coursework assignments undertaken as part of the module using GCU Learn. GCU Learn will also be used to provide the students with module specific forums to stimulate student and lecturer interaction outwith the normal lecture, laboratory and tutorial sessions.

Indicative Reading

  • Hans Delfs and Helmut Knebl, "Introduction to Cryptography: Principles and Applications (Information Security and Cryptography)", Springer 2015
  • Stuttard, D. and Pinto, M. The Web Application Hacker's Handbook, 2nd ed, John Wiley & Sons, Inc., 2011
  • J. Viega, G. McGraw. Building Secure Software: How to Avoid Security Problems the Right Way. Addison-Wesley, 2001
  • J. Viega, M. Messier "Secure Programming Cookbook", O'Reilly 2003
  • M. Howard, D. LeBlanc "Writing Secure Code", Microsoft, 2002
  • M. Howard, S. Lipner "The Security Development Lifecycle Book", Microsoft Press 2006
  • C. Adams, S. Lloyd "Understanding PKI: concepts, standards, and deployment considerations", Addison-Wesley Professional 2003
  • W. Mao "Modern Cryptography: Theory and Practice", Prentice Hall 2003
  • G. McGraw, Software Security: Building Security in, Addison Wesley 2006

Transferrable Skills

  • Specialist knowledge and application
  • Critical thinking and problem solving
  • Critical analysis
  • Communication skills, written, oral and listening
  • Numeracy
  • Computer literacy
  • Self confidence, self discipline & self reliance (independent working)
  • Creativity, innovation & independent thinking
  • Appreciating and desiring the need for continuing professional development
  • Reliability, integrity, honesty and ethical awareness
  • Ability to prioritise tasks and time management

Module Structure

Activity Total Hours
Assessment (FT) 20.00
Lectures (FT) 24.00
Practicals (FT) 12.00
Independent Learning (FT) 132.00
Tutorials (FT) 12.00

Assessment Methods

Component Duration Weighting Threshold Description
Exam (Exams Office) 2.00 50.00 35% Unseen written examination
Coursework 1 n/a 50.00 35% Practical Assignment