ECTS - Secure Software Development
Secure Software Development (SE457) Course Detail
| Course Name | Course Code | Season | Lecture Hours | Application Hours | Lab Hours | Credit | ECTS |
|---|---|---|---|---|---|---|---|
| Secure Software Development | SE457 | Area Elective | 3 | 0 | 0 | 3 | 5 |
| Pre-requisite Course(s) |
|---|
| N/A |
| Course Language | English |
|---|---|
| Course Type | Elective Courses |
| Course Level | Bachelor’s Degree (First Cycle) |
| Mode of Delivery | |
| Learning and Teaching Strategies | . |
| Course Lecturer(s) |
|
| Course Objectives | |
| Course Learning Outcomes |
The students who succeeded in this course;
|
| Course Content | Security Basics. Secure Software Development. DevSecOps. Risk management. Threat modeling. Security of Data, Communication and Application. Security Controls. API Security. Security Scenarios. Secure Coding Practices. OWASP Top 10. Mitre Atta@ck. Security Assessment and Testing. Security Frameworks and Guidelines |
Weekly Subjects and Releated Preparation Studies
| Week | Subjects | Preparation |
|---|---|---|
| 1 | Introduction | Course notes |
| 2 | Security Basics, DevSecOps | Course notes |
| 3 | Web Sources for vulnerabilities, Architecturally Significant Requirements | Course notes |
| 4 | Risk management | Course notes |
| 5 | Security Controls | Course notes |
| 6 | Data Classification and Security | Course notes |
| 7 | Application Security | Course notes |
| 8 | OWASP Top 10 | Ders notları |
| 9 | MITRE Att@ck | Course notes |
| 10 | Secure Coding Practices | Course notes |
| 11 | API Security | Course notes |
| 12 | Security Assessment and Testing | Course notes |
| 13 | Security Frameworks and Guidelines | Course notes |
| 14 | Important Topics for security after deployment and during maintenance | Course notes |
| 15 | Final Exam | Ders notları |
| 16 | Final Exam | Course notes |
Sources
| Course Book | 1. Course Notes and online resources will be provided. |
|---|---|
| Other Sources | 2. Secure Coding: Principles and Practices, First edition, by Mark G. Graff, Kenneth R. van Wyk, O'Reilly Media, ISBN 978-0596002428, 2003. |
| 3. Secure Software Development: A Security Programmer's Guide, First edition, by Jason Grembi, Cengage Learning, ISBN 978-1418065478, 2008. | |
| 4. Secure and Resilient Software Development, First edition, by Mark S. Merkow, Lakshmikanth Raghavan, ISBN 978-1439826966, Auerbach Publications, 2010. | |
| 5. Designing Secure Software: A Guide for Developers, by Loren Kohnfelder, ISBN 978-1718501928, No Starch Press, 2021. | |
| 6. Software Security: Building Security, , First edition, by Gary McGraw, ISBN 978-0321356703, Addison-Wesley Professional, 2006. | |
| 7. Alice and Bob Learn Application Security, First edition, by Tanya Janca, ISBN 978-1119687351, Wiley, 2020 | |
| 8. Threat Modeling: Designing for Security, First edition, by Adam Shostack, ISBN 978-1118809990, Wiley, 2014 |
Evaluation System
| Requirements | Number | Percentage of Grade |
|---|---|---|
| Attendance/Participation | - | - |
| Laboratory | - | - |
| Application | 4 | 20 |
| Field Work | - | - |
| Special Course Internship | - | - |
| Quizzes/Studio Critics | - | - |
| Homework Assignments | - | - |
| Presentation | - | - |
| Project | 1 | 20 |
| Report | - | - |
| Seminar | - | - |
| Midterms Exams/Midterms Jury | 1 | 20 |
| Final Exam/Final Jury | 1 | 40 |
| Toplam | 7 | 100 |
| Percentage of Semester Work | |
|---|---|
| Percentage of Final Work | 100 |
| Total | 100 |
Course Category
| Core Courses | X |
|---|---|
| Major Area Courses | |
| Supportive Courses | |
| Media and Managment Skills Courses | |
| Transferable Skill Courses |
The Relation Between Course Learning Competencies and Program Qualifications
| # | Program Qualifications / Competencies | Level of Contribution | ||||
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | ||
| 1 | Gain sufficient knowledge in mathematics, science and computing; be able to use theoretical and applied knowledge in these areas to solve engineering problems related to information systems. | |||||
| 2 | To be able to identify, define, formulate and solve complex engineering problems; to be able to select and apply appropriate analysis and modeling methods for this purpose. | |||||
| 3 | Designs a complex system, process, device or product under realistic constraints and conditions to meet specific requirements; applies modern design methods for this purpose. | |||||
| 4 | To be able to develop, select and use modern techniques and tools required for the analysis and solution of complex problems encountered in information systems engineering applications; to be able to use information technologies effectively. | X | ||||
| 5 | Designs and conducts experiments, collects data, analyzes and interprets results to investigate complex engineering problems or research topics specific to the discipline of information systems engineering. | |||||
| 6 | Can work effectively in disciplinary and multidisciplinary teams; can work individually. | |||||
| 7 | a. Communicates effectively both orally and in writing; writes effective reports and understands written reports, prepares design and production reports, makes effective presentations, gives and receives clear and understandable instructions. b. Knows at least one foreign language. | |||||
| 8 | To be aware of the necessity of lifelong learning; to be able to access information, to be able to follow developments in science and technology and to be able to renew himself/herself continuously. | |||||
| 9 | a. Acts in accordance with the principles of ethics, gains awareness of professional and ethical responsibility. b. Gains knowledge about the standards used in information systems engineering applications. | |||||
| 10 | a. Gains knowledge about business life practices such as project management, risk management and change management. b. Gains awareness about entrepreneurship and innovation. c. Gains knowledge about sustainable development. | |||||
| 11 | a. To be able to acquire knowledge about the universal and social effects of information systems engineering applications on health, environment and safety and the problems of the era reflected in the field of engineering. b. Gains awareness of the legal consequences of engineering solutions. | |||||
ECTS/Workload Table
| Activities | Number | Duration (Hours) | Total Workload |
|---|---|---|---|
| Course Hours (Including Exam Week: 16 x Total Hours) | 16 | 3 | 48 |
| Laboratory | |||
| Application | |||
| Special Course Internship | |||
| Field Work | |||
| Study Hours Out of Class | 16 | 2 | 32 |
| Presentation/Seminar Prepration | |||
| Project | 1 | 20 | 20 |
| Report | |||
| Homework Assignments | 2 | 5 | 10 |
| Quizzes/Studio Critics | |||
| Prepration of Midterm Exams/Midterm Jury | 1 | 5 | 5 |
| Prepration of Final Exams/Final Jury | 1 | 10 | 10 |
| Total Workload | 125 | ||