Design and Development of Secure Software
2nd Cycle Studies - Mestrado
BSc in Informatics Engineering or equivalent.
Lecture classes (T): presentation and discussion around the topics of the course.
Lab classes (PL): application of theoretical concepts in projects.
The MSI theoretical classes will take place, preferably, Friday afternoon and Saturday morning. Theoretical classes will also be broadcast by teleconference and will be recorded to allow the students to follow the classes remotely.
The practical classes will be preferably booked Friday morning. The practical assignments may also be developed by the students in remote and asynchronous mode with remote support of teachers.
The aim of this course is to provide knowledge on advanced techniques for the development of secure software. It is expected that students master the different aspects of developing software with security requirements, being able to identify existing alternatives and selecting and implementing the most adequate ones. The course considers the different phases of the software development lifecycle, from requirements engineering to testing. Beyond acquiring knowledge on the fundamentals of the area, students are expected to gain competences in the analysis, design, development and validation of secure software through their application in real-world case studies.
• Security Concepts: Vulnerabilities, Threats, and Attacks
• Software Security Foundations
• Requirements Engineering for Secure Software
• Secure Software Architecture and Design
• Secure Programming
• Vulnerability Detection and Security Testing
• Software Security from an Organization Perspective
• Security evaluation fundaments: Metrics, Measurements, Benchmarking, and Risk Analysis.
Nuno Manuel dos Santos Antunes
- J. Viega and G. McGraw, Building secure software: how to avoid security problems the right way. Addison-Wesley, 2001.
- M. Howard and D. E. Leblanc, Writing Secure Code, 2nd ed., Microsoft Press, 2002.
- G. Hoglund and G. McGraw, Exploiting Software: How To Break Code. Pearson Education, 2004.
- M. Howard, et al. , 19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them, McGraw-Hill, 2005.
- C. J. Berg, C. Berg, and P. G. Neumann, High-Assurance Design: Architecting Secure and Reliable Enterprise Applications, Addison-Wesley Professional, 2005.
- M. Schumacher et al , Security Patterns: Integrating Security and Systems Engineering, Wiley, 2006.
- G. McGraw, Software Security: Building Security In. Addison-Wesley Professional, 2006.
- J. H. Allen et al, Software Security Engineering: A Guide for Project Managers, Addison-Wesley Professional, 2008.
- M. Howard and S. Lipner, The security development lifecycle. O’Reilly Media, Incorporated, 2009.