ECTS - Secure Software Development
Secure Software Development (SE457) Course Detail
| Course Name | Course Code | Season | Lecture Hours | Application Hours | Lab Hours | Credit | ECTS |
|---|---|---|---|---|---|---|---|
| Secure Software Development | SE457 | Area Elective | 3 | 0 | 0 | 3 | 5 |
| Pre-requisite Course(s) |
|---|
| N/A |
| Course Language | English |
|---|---|
| Course Type | Elective Courses |
| Course Level | Bachelor’s Degree (First Cycle) |
| Mode of Delivery | Face To Face |
| Learning and Teaching Strategies | Lecture, Drill and Practice. |
| Course Lecturer(s) |
|
| Course Objectives | The course objective is to teach the fundamental concepts of security, and its role in software development. Risk management, threat models, common vulnerabilities, and incorporation of security into the software development process will be identified, researched, discussed, and evaluated. |
| Course Learning Outcomes |
The students who succeeded in this course;
|
| Course Content | Security Basics. Secure Software Development. DevSecOps. Risk management. Threat modeling. Security of Data, Communication and Application. Security Controls. API Security. Security Scenarios. Secure Coding Practices. OWASP Top 10. MITRE ATT&CK. Security Assessment and Testing. Security Frameworks and Guidelines |
Weekly Subjects and Related Preparation Studies
| Week | Subjects | Preparation |
|---|---|---|
| 1 | Introduction | Course notes |
| 2 | Security Basics, DevSecOps | Course notes |
| 3 | Web Sources for vulnerabilities, Architecturally Significant Requirements | Course notes |
| 4 | Risk management | Course notes |
| 5 | Security Controls | Course notes |
| 6 | Data Classification and Security | Course notes |
| 7 | Application Security | Course notes |
| 8 | OWASP Top 10 | Course notes |
| 9 | MITRE ATT&CK | Course notes |
| 10 | Secure Coding Practices | Course notes |
| 11 | API Security | Course notes |
| 12 | Security Assessment and Testing | Course notes |
| 13 | Security Frameworks and Guidelines | Course notes |
| 14 | Important Topics for security after deployment and during maintenance | Course notes |
| 15 | Final Exam | Course notes |
| 16 | Final Exam | Course notes |
Sources
| Course Book | 1. Course Notes and online resources will be provided. |
|---|---|
| Other Sources | 2. Secure Coding: Principles and Practices, First edition, by Mark G. Graff, Kenneth R. van Wyk, O'Reilly Media, ISBN 978-0596002428, 2003. |
| 3. Secure Software Development: A Security Programmer's Guide, First edition, by Jason Grembi, Cengage Learning, ISBN 978-1418065478, 2008. | |
| 4. Secure and Resilient Software Development, First edition, by Mark S. Merkow, Lakshmikanth Raghavan, ISBN 978-1439826966, Auerbach Publications, 2010. | |
| 5. Designing Secure Software: A Guide for Developers, by Loren Kohnfelder, ISBN 978-1718501928, No Starch Press, 2021. | |
| 6. Software Security: Building Security, First edition, by Gary McGraw, ISBN 978-0321356703, Addison-Wesley Professional, 2006. | |
| 7. Alice and Bob Learn Application Security, First edition, by Tanya Janca, ISBN 978-1119687351, Wiley, 2020 | |
| 8. Threat Modeling: Designing for Security, First edition, by Adam Shostack, ISBN 978-1118809990, Wiley, 2014 |
Evaluation System
| Requirements | Number | Percentage of Grade |
|---|---|---|
| Attendance/Participation | - | - |
| Laboratory | - | - |
| Application | 4 | 20 |
| Field Work | - | - |
| Special Course Internship | - | - |
| Quizzes/Studio Critics | - | - |
| Homework Assignments | - | - |
| Presentation | - | - |
| Project | 1 | 20 |
| Report | - | - |
| Seminar | - | - |
| Midterms Exams/Midterms Jury | 1 | 20 |
| Final Exam/Final Jury | 1 | 40 |
| Total | 7 | 100 |
| Percentage of Semester Work | 60 |
|---|---|
| Percentage of Final Work | 40 |
| Total | 100 |
Course Category
| Core Courses | X |
|---|---|
| Major Area Courses | |
| Supportive Courses | |
| Media and Management Skills Courses | |
| Transferable Skill Courses |
The Relation Between Course Learning Competencies and Program Qualifications
| # | Program Qualifications / Competencies | Level of Contribution | ||||
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | ||
| 1 | Has adequate knowledge in mathematics, science, and computer engineering-specific subjects; uses theoretical and practical knowledge in these areas to solve complex engineering problems. | |||||
| 2 | Identifies, defines, formulates, and solves complex engineering problems; selects and applies appropriate analysis and modeling methods for this purpose. | |||||
| 3 | Designs a complex system, process, device, or product to meet specific requirements under realistic constraints and conditions; applies modern design methods for this purpose. | |||||
| 4 | Develops, selects, and uses modern techniques and tools necessary for the analysis and solution of complex problems encountered in computer engineering applications; uses information technologies effectively. | |||||
| 5 | Designs experiments, conducts experiments, collects data, analyzes and interprets results for the investigation of complex engineering problems or research topics specific to the discipline of computer engineering. | |||||
| 6 | Works effectively in disciplinary and multidisciplinary teams; gains the ability to work individually. | |||||
| 7 | Communicates effectively in Turkish, both orally and in writing; writes effective reports and understands written reports, prepares design and production reports, makes effective presentations, gives and receives clear and understandable instructions. | |||||
| 8 | Knows at least one foreign language; writes effective reports and understands written reports, prepares design and production reports, makes effective presentations, gives and receives clear and understandable instructions. | |||||
| 9 | Has awareness of the necessity of lifelong learning; accesses information, follows developments in science and technology, and continuously improves oneself. | |||||
| 10 | Acts in accordance with ethical principles and has awareness of professional and ethical responsibility. | |||||
| 11 | Has knowledge about the standards used in computer engineering applications. | |||||
| 12 | Has knowledge about workplace practices such as project management, risk management, and change management. | |||||
| 13 | Gains awareness about entrepreneurship and innovation. | |||||
| 14 | Has knowledge about sustainable development. | |||||
| 15 | Has knowledge about the health, environmental, and safety impacts of computer engineering applications in universal and societal dimensions and the contemporary issues reflected in the field of engineering. | |||||
| 16 | Gains awareness of the legal consequences of engineering solutions. | |||||
| 17 | Analyzes, designs, and expresses numerical computation and digital representation systems. | |||||
| 18 | Uses programming languages and appropriate computer engineering concepts to solve computational problems. | |||||
ECTS/Workload Table
| Activities | Number | Duration (Hours) | Total Workload |
|---|---|---|---|
| Course Hours (Including Exam Week: 16 x Total Hours) | 16 | 3 | 48 |
| Laboratory | |||
| Application | |||
| Special Course Internship | |||
| Field Work | |||
| Study Hours Out of Class | 16 | 2 | 32 |
| Presentation/Seminar Preparation | |||
| Project | 1 | 20 | 20 |
| Report | |||
| Homework Assignments | 2 | 5 | 10 |
| Quizzes/Studio Critics | |||
| Preparation of Midterm Exams/Midterm Jury | 1 | 5 | 5 |
| Preparation of Final Exams/Final Jury | 1 | 10 | 10 |
| Total Workload | 125 | ||
