Course Unit / Design and Development of Secure Software

Design and Development of Secure Software

Year
1
Academic year
2017-2018
Code
02033275
Subject Area
Informatics Security
Language of Instruction
Portuguese
Other Languages of Instruction
English
Mode of Delivery
Face-to-face
Duration
SEMESTRIAL
ECTS Credits
6.0
Type
Compulsory
Level
2nd Cycle Studies - Mestrado

Recommended Prerequisites

     BSc in Informatics Engineering or equivalent

Teaching Methods

Lecture classes (T): presentation and discussion around the topics of the course.

Lab classes (PL): application of theoretical concepts in projects.

The MSI theoretical classes will take place, preferably, Friday afternoon and Saturday morning. Theoretical classes will also be broadcast by teleconference and will be recorded to allow the students to follow the classes remotely.

The practical classes will be preferably booked Friday morning. The practical assignments may also be developed by the students in remote and asynchronous mode with remote support of teachers.

Work Placement(s)

No

Syllabus

  • Security Concepts: Vulnerabilities, Threats, and Attacks
  • Software Security Foundations
  • Requirements Engineering for Secure Software
  • Secure Software Architecture and Design
  • Secure Programming
  • Vulnerability Detection and Security Testing
  • Software Security from an Organization Perspective
  • Security evaluation fundaments: Metrics, Measurements, Benchmarking, and Risk Analysis

Head Lecturer(s)

Marco Paulo Amorim Vieira

Assessment Methods

Assessment
Project: 50.0%
Exam: 50.0%

Bibliography

- C. J. Berg, C. Berg, and P. G. Neumann, High-Assurance Design: Architecting Secure and Reliable Enterprise Applications, Addison-Wesley Professional, 2005.
- M. Schumacher et al , Security Patterns: Integrating Security and Systems Engineering, Wiley, 2006.
- G. McGraw, Software Security: Building Security In. Addison-Wesley Professional, 2006.
- J. H. Allen et al, Software Security Engineering: A Guide for Project Managers, Addison-Wesley Professional, 2008.
- M. Howard and S. Lipner, The security development lifecycle. O’Reilly Media, Incorporated, 2009.
- K. R. van Wyk et al, Enterprise Software Security: A Confluence of Disciplines, Addison-Wesley Professional, 2014.

- J. Viega and G. McGraw, Building secure software: how to avoid security problems the right way. Addison-Wesley, 2001.
- M. Howard and D. E. Leblanc, Writing Secure Code, 2nd ed., Microsoft Press, 2002.
- G. Hoglund and G. McGraw, Exploiting Software: How To Break Code. Pearson Education, 2004.
- M. Howard, D. LeBlanc, and J. Viega, 19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them, McGraw-Hill Osborne Media, 2005.