Module Details
| Module Code: |
SWRE C7007 |
|
Full Title:
|
Security for Software Developers
|
| Valid From:: |
Semester 1 - 2019/20 ( June 2019 ) |
| Language of Instruction: | English |
|---|
| Module Owner:: |
Caroline Sheedy
|
| Module Description: |
Students completing this module will have an understanding of the importance of secure development from the design stage, develop an understanding of the most common threats and vulnerabilities, and will be aware of how to select appropriate security controls and defences.
|
| Module Learning Outcome |
| On successful completion of this module the learner will be able to: |
| # |
Module Learning Outcome Description |
| MLO1 |
Illuminate the need for security at the design phase of an application and identify risk. |
| MLO2 |
Discuss the legislation and ethical issues relating to privacy and confidentiality, specifically when holding user data. |
| MLO3 |
Analyse the OWASP top 10 vulnerabilities. |
| MLO4 |
Design and incorporate appropriate software development practices. |
| Pre-requisite learning |
Module Recommendations
This is prior learning (or a practical skill) that is strongly recommended before enrolment in this module. You may enrol in this module if you have not acquired the recommended learning but you will have considerable difficulty in passing (i.e. achieving the learning outcomes of) the module. While the prior learning is expressed as named DkIT module(s) it also allows for learning (in another module or modules) which is equivalent to the learning specified in the named module(s).
|
| No recommendations listed |
| Module Indicative Content |
|
Introduction
Program security flaws, OWASP, malicious and non-malicious.
|
|
Secure Development Principles
Identify security issues at the design phase.
|
|
Data Security Principles
Almost any source of data can be an injection vector, environment variables, parameters, external and internal web services, and all types of users.
|
|
Privacy
Privacy-Enhancing and Privacy-Aware methodologies and technologies, relevant legislation.
|
|
Cryptography
Symmetric and asymmetric encryption, hashing algorithms, digital signatures.
|
|
Module Assessment
|
| Assessment Breakdown | % |
|---|
| Course Work | 50.00% |
| Final Examination | 50.00% |
| Module Special Regulation |
| |
AssessmentsFull Time On Campus
Part Time On Campus
| Reassessment Requirement |
A repeat examination
Reassessment of this module will consist of a repeat examination. It is possible that there will also be a requirement to be reassessed in a coursework element.
|
Reassessment Description
The case assignment(s) will be repeatable
|
DKIT reserves the right to alter the nature and timings of assessment
Module Workload
| Workload: Full Time On Campus |
| Workload Type |
Contact Type |
Workload Description |
Frequency |
Average Weekly Learner Workload |
Hours |
| Lecture |
Contact |
The lecture will outline the theories of software security |
Every Week |
2.00 |
2 |
| Practical |
Contact |
Implement the theories outlined in the lecture |
Every Week |
2.00 |
2 |
| Directed Reading |
Non Contact |
Carry out further reading on the topics covered in lectures and labs |
Every Week |
2.00 |
2 |
| Independent Study |
Non Contact |
Carry out further reading on relevant topics which have not been addresses during lectures and labs |
Every Week |
2.00 |
2 |
| Total Weekly Learner Workload |
8.00 |
| Total Weekly Contact Hours |
4.00 |
| Workload: Part Time On Campus |
| Workload Type |
Contact Type |
Workload Description |
Frequency |
Average Weekly Learner Workload |
Hours |
| Lecture |
Contact |
The lecture will outline the theories of software security |
Every Week |
2.00 |
2 |
| Practical |
Contact |
Implement the theories outlined in the lecture |
Every Week |
2.00 |
2 |
| Directed Reading |
Non Contact |
Carry out further reading on the topics covered in lectures and labs |
Every Week |
2.00 |
2 |
| Independent Study |
Non Contact |
Carry out further reading on relevant topics which have not been addresses during lectures and labs |
Every Week |
2.00 |
2 |
| Total Weekly Learner Workload |
8.00 |
| Total Weekly Contact Hours |
4.00 |
|
Module Resources
|
| Recommended Book Resources |
|---|
-
Gollman, Dieter. (2013), Computer Security, Wiley, [ISBN: 9780470741153].
-
O'Reilly. (2009), Beautiful Security, [ISBN: 978059652748].
-
Michael Howard, David LeBlanc. (2004), Writing Secure Code, Second Edition.
-
Merkow, Mark S., and Lakshmikanth Raghavan Auerbach Publications. (2010), Secure and resilient software development..
-
Long, F., Mohindra, D., Seacord, R. C., Sutherland, D. F., & Svoboda, D. Addison-Wesley Professional.. (2011), The CERT Oracle Secure Coding Standard for Java..
-
Michael Goodrich Roberto Tamassia Pearson. (2018), Introduction to Computer Security, 2nd. [ISBN: 0133575470 97].
-
Fred Long. (2013), Java Coding Guidelines: 75 Recommendations for Reliable and Secure Software, Pearson.
| | This module does not have any article/paper resources |
|---|
| Other Resources |
|---|
-
website, SANS Institute,
-
Website, OWASP. (2017), OWASP Top 10,
| |
