13M111RBS - Secure Software Development

Course specification
Course title Secure Software Development
Acronym 13M111RBS
Study programme Electrical Engineering and Computing
Module
Type of study master academic studies
Lecturer (for classes)
Lecturer/Associate (for practice)
Lecturer/Associate (for OTC)
ESPB 6.0 Status elective
Condition Computer Security, Software Design, Internet Applications Programming
The goal Introducing students to the field of secure software development. Training students for the use of best practices in secure software development. Understanding threats and ways for detection and removal of threats in existing software systems. Attack vectors on computer and software systems. Introducing students to secure code audit methodologies.
The outcome Students will gain knowledge about secure software development methodologies, as well as methodologies for detection and removal of threats and vulnerabilities in existing software systems.
Contents
URL to the subject page https://rti.etf.bg.ac.rs/rti/ms1rbs/
Contents of lectures Overview and motivation behind the secure software development lifecycle. Security requirements analysis. Secure design patterns and principles. Threat modelling and security design analysis. Web application vulnerabilities. Script language vulnerabilities. Application programming interface vulnerabilities. Managed language vulnerabilities. Security testing and dynamic application testing.
Contents of exercises Same as theoretical content.
Literature
  1. Jason Grembi, Secure Software Development: A Security Programmer's Guide 1st Edition, Cengage Learning, 2008 (Original title)
  2. Gary McGraw, Software Security: Building Security In 1st Edition, Addison-Wesley Professional, 2006 (Original title)
  3. Adam Shostack, Threat Modeling: Designing for Security 1st Edition, Wiley, 2014 (Original title)
Number of hours per week during the semester/trimester/year
Lectures Exercises OTC Study and Research Other classes
2 2 1
Methods of teaching Lectures, exercises with demos in computer lab, lab exercises, seminars.
Knowledge score (maximum points 100)
Pre obligations Points Final exam Points
Activities during lectures Test paper 40
Practical lessons 40 Oral examination
Projects
Colloquia
Seminars 20