Secure Software

Recommended Prerequisites

BSc in Informatics Engineering or equivalent.

Teaching Methods

Lecture classes (T): presentation and discussion around the topics of the course.

Lab classes (PL): application of theoretical concepts in projects.

Group projects will be used to promote and enable the exploration and exploitation of secure software development-related topics. Students will work together to design and implement a secure software application, emphasizing and demonstrating common risks or vulnerabilities. Virtual lab environments will be provided where students can practice implementing security measures, providing step-by-step instructions and challenges for students to solve, and fostering hands-on learning experiences.

Learning Outcomes

This course aims to provide knowledge about advanced techniques for developing secure software. Students who successfully complete the course will be able to define the different aspects of software development with strict security requirements, becoming capable of identifying alternatives and choosing and applying the most appropriate ones for each situation. These concepts will be analyzed and applied taking into account the different phases of the software development life cycle. It is intended that the students acquire skills in the analysis, design, development and validation of secure software, and understand how the techniques and concepts covered in this unit can be used to characterize, manage, and transform development processes. They will develop skills to evaluate and determine new solutions to build and develop secure software.

Work Placement(s)

No

Syllabus

• Security Concepts: Vulnerabilities, Threats, and Attacks
• Software Security Foundations
• Requirements Engineering for Secure Software
• Secure Software Architecture and Design
• Secure Programming
• Vulnerability Detection and Security Testing
• Software Security from an Organization Perspective
• Security evaluation fundaments: Metrics, Measurements, Benchmarking, and Risk Analysis
• Automation, DevSecOps, and Maturity Models
• AI for Secure Software Development.

Head Lecturer(s)

João Rodrigues de Campos

Assessment Methods

Assessment
Exam: 40.0%
Project: 60.0%

Bibliography

- J. Viega and G. McGraw, Building secure software: how to avoid security problems the right way. Addison-Wesley, 2001.

- M. Howard and D. E. Leblanc, Writing Secure Code, 2nd ed., Microsoft Press, 2002.

- C. J. Berg, C. Berg, and P. G. Neumann, High-Assurance Design: Architecting Secure and Reliable Enterprise Applications, Addison-Wesley Professional, 2005.

- M. Schumacher et al , Security Patterns: Integrating Security and Systems Engineering, Wiley, 2006.

- J. H. Allen et al, Software Security Engineering: A Guide for Project Managers, Addison-Wesley Professional, 2008.

- M. Howard and S. Lipner, The security development lifecycle. O’Reilly Media, Incorporated, 2009

- Mack, Sean D. The DevSecOps Playbook: Deliver Continuous Security at Speed. John Wiley & Sons, 2023.

- Andrew Hoffman. Web application security: Exploitation and Countermeasures for Modern Web Applications . "O'Reilly Media, Inc.", 2024.