ECTS - Secure Software Development

Secure Software Development (SE457) Course Detail

Course Name Course Code Season Lecture Hours Application Hours Lab Hours Credit ECTS
Secure Software Development SE457 Area Elective 3 0 0 3 5
Pre-requisite Course(s)
N/A
Course Language English
Course Type Elective Courses
Course Level Bachelor’s Degree (First Cycle)
Mode of Delivery Face To Face
Learning and Teaching Strategies Lecture, Drill and Practice.
Course Coordinator
Course Lecturer(s)
Course Assistants
Course Objectives The course objective is to teach the fundamental concepts of security, and its role in software development. Risk management, threat models, common vulnerabilities, and incorporation of security into the software development process will be identified, researched, discussed, and evaluated.
Course Learning Outcomes Students who successfully complete this course will be able to:
  • Explain fundamental elements in security
  • Explain how and when to use recent vulnerability information in software development.
  • Discuss the potential applications of risk management and threat modeling.
  • Discuss application of security practices, tools and techniques during software development.
Course Content Security Basics. Secure Software Development. DevSecOps. Risk management. Threat modeling. Security of Data, Communication and Application. Security Controls. API Security. Security Scenarios. Secure Coding Practices. OWASP Top 10. MITRE ATT&CK. Security Assessment and Testing. Security Frameworks and Guidelines.

Weekly Subjects and Related Preparation Studies

Week Subjects Preparation
1 Introduction Course notes
2 Security Basics, DevSecOps Course notes
3 Web Sources for vulnerabilities, Architecturally Significant Requirements Course notes
4 Risk management Course notes
5 Security Controls Course notes
6 Data Classification and Security Course notes
7 Application Security Course notes
8 OWASP Top 10 Course notes
9 MITRE ATT&CK Course notes
10 Secure Coding Practices Course notes
11 API Security Course notes
12 Security Assessment and Testing Course notes
13 Security Frameworks and Guidelines Course notes
14 Important Topics for security after deployment and during maintenance Course notes
15 Final Exam Course notes
16 Final Exam Course notes

Sources

Course Book 1. Course Notes and online resources will be provided.
Other Sources 2. Secure Coding: Principles and Practices, First edition, by Mark G. Graff, Kenneth R. van Wyk, O'Reilly Media, ISBN 978-0596002428, 2003.
3. Secure Software Development: A Security Programmer's Guide, First edition, by Jason Grembi, Cengage Learning, ISBN 978-1418065478, 2008.
4. Secure and Resilient Software Development, First edition, by Mark S. Merkow, Lakshmikanth Raghavan, ISBN 978-1439826966, Auerbach Publications, 2010.
5. Designing Secure Software: A Guide for Developers, by Loren Kohnfelder, ISBN 978-1718501928, No Starch Press, 2021.
6. Software Security: Building Security In, First edition, by Gary McGraw, ISBN 978-0321356703, Addison-Wesley Professional, 2006.
7. Alice and Bob Learn Application Security, First edition, by Tanya Janca, ISBN 978-1119687351, Wiley, 2020.
8. Threat Modeling: Designing for Security, First edition, by Adam Shostack, ISBN 978-1118809990, Wiley, 2014.

Evaluation System

Requirements Number Percentage of Grade
Attendance/Participation - -
Laboratory - -
Application 4 20
Field Work - -
Special Course Internship - -
Quizzes/Studio Critics - -
Homework Assignments - -
Presentation - -
Project 1 20
Report - -
Seminar - -
Midterms Exams/Midterms Jury 1 20
Final Exam/Final Jury 1 40
Total 7 100
Percentage of Semester Work 60
Percentage of Final Work 40
Total 100

Course Category

Core Courses X
Major Area Courses
Supportive Courses
Media and Management Skills Courses
Transferable Skill Courses

The Relation Between Course Learning Competencies and Program Qualifications

# Program Qualifications / Competencies Level of Contribution
1 2 3 4 5
1 Has adequate knowledge in mathematics, science, and computer engineering-specific subjects; uses theoretical and practical knowledge in these areas to solve complex engineering problems.
2 Identifies, defines, formulates, and solves complex engineering problems; selects and applies appropriate analysis and modeling methods for this purpose.
3 Designs a complex system, process, device, or product to meet specific requirements under realistic constraints and conditions; applies modern design methods for this purpose.
4 Develops, selects, and uses modern techniques and tools necessary for the analysis and solution of complex problems encountered in computer engineering applications; uses information technologies effectively.
5 Designs experiments, conducts experiments, collects data, analyzes and interprets results for the investigation of complex engineering problems or research topics specific to the discipline of computer engineering.
6 Works effectively in disciplinary and multidisciplinary teams; gains the ability to work individually.
7 Communicates effectively in Turkish, both orally and in writing; writes effective reports and understands written reports, prepares design and production reports, makes effective presentations, gives and receives clear and understandable instructions.
8 Knows at least one foreign language; writes effective reports and understands written reports, prepares design and production reports, makes effective presentations, gives and receives clear and understandable instructions.
9 Has awareness of the necessity of lifelong learning; accesses information, follows developments in science and technology, and continuously improves oneself.
10 Acts in accordance with ethical principles and has awareness of professional and ethical responsibility.
11 Has knowledge about the standards used in computer engineering applications.
12 Has knowledge about workplace practices such as project management, risk management, and change management.
13 Gains awareness about entrepreneurship and innovation.
14 Has knowledge about sustainable development.
15 Has knowledge about the health, environmental, and safety impacts of computer engineering applications in universal and societal dimensions and the contemporary issues reflected in the field of engineering.
16 Gains awareness of the legal consequences of engineering solutions.
17 Analyzes, designs, and expresses numerical computation and digital representation systems.
18 Uses programming languages and appropriate computer engineering concepts to solve computational problems.

ECTS/Workload Table

Activities Number Duration (Hours) Total Workload
Course Hours (Including Exam Week: 16 x Total Hours) 16 3 48
Laboratory
Application
Special Course Internship
Field Work
Study Hours Out of Class 16 2 32
Presentation/Seminar Preparation
Project 1 20 20
Report
Homework Assignments 2 5 10
Quizzes/Studio Critics
Preparation of Midterm Exams/Midterm Jury 1 5 5
Preparation of Final Exams/Final Jury 1 10 10
Total Workload 125