Module Details

Module Code: SECU
Module Title: Secure Application Development
Module Level: 8
Credits: 5
Module Coordinator: Nigel Whyte
Module Author: Richard Butler
Domains:  
Module Description: To provide learners with the theoretical knowledge and practical skills needed to develop secure software applications, with particular emphasis on web technologies.
 
Learning Outcomes
On successful completion of this module the learner will be able to:
# Learning Outcome Description
LO1 Evaluate and discuss the most prevalent software application security issues.
LO2 Perform security testing to identify and validate the existence of software vulnerabilities.
LO3 Formulate and deploy strategies to fix or mitigate against identified vulnerabilities.
Dependencies
Module Recommendations

This is prior learning (or a practical skill) that is recommended before enrolment in this module.

No recommendations listed
Co-requisite Modules
No Co-requisite modules listed
Additional Requisite Information
No Co Requisites listed
 
Indicative Content
Secure Software Development
Secure software life cycle, secure application design, secure mobile application development, cryptographic design and implementation.
Data Validation & Access Control
Input validation and sanitisation, output encoding, authentication and password management, session management, access control.
Error Management and Information Disclosure
Error handling and logging, environment configuration, minimising information disclosure.
Resource Security
Communication security, system configuration, database security, file access management, memory management.
System Penetration Testing & Code Analysis
Vulnerability code analysis and mitigations, as outlined by leading industry security bodies such as OWASP, ISC2 and SANS.
Module Content & Assessment
Assessment Breakdown (%)
Continuous Assessment: 10.00%
Project: 40.00%
End of Module Formal Examination: 50.00%

Assessments

Full Time

Continuous Assessment
Assessment Type: Examination
% of Total Mark: 10
Timing: Week 7
Learning Outcomes: 1,3
Non-marked: No
Assessment Description
Examination on content up to week 7
Project
Assessment Type: Project
% of Total Mark: 40
Timing: Week 10
Learning Outcomes: 2,3
Non-marked: No
Assessment Description
Analyse the security flaws in a web application and perform code analysis and edits to mitigate identified vulnerabilities.
No Practical
End of Module Formal Examination
Assessment Type: Formal Exam
% of Total Mark: 50
Timing: End-of-Semester
Learning Outcomes: 1,2,3
Non-marked: No
Assessment Description
The terminal exam will be a 3-hour written test.
Reassessment Requirement
Exam Board
It is at the discretion of the Examination Board as to what the qualifying criteria are.

SETU Carlow Campus reserves the right to alter the nature and timings of assessment

 

Module Workload

Workload: Full Time
Workload Type Workload Category Contact Type Workload Description Frequency Average Weekly Learner Workload Hours
Lecture Contact No Description 12 Weeks per Stage 2.00 24
Laboratory Contact No Description 12 Weeks per Stage 2.00 24
Independent Learning Time Non Contact No Description 15 Weeks per Stage 5.13 77
Total Weekly Contact Hours 4.00
 
Module Resources
Supplementary Book Resources
  • Michał Zalewski. (2012), The Tangled Web: A Guide to Securing Modern Web Applications, 1st Edition. O’Reilly Media.
  • Ryan C. Barnett. (2012), Web Application Defender's Cookbook: Battling Hackers and Protecting Users, O’Reilly Media.
  • Microsoft Corporation. (2011), Improving Web Application Security: Threats and Countermeasures, Microsoft Corporation.
  • Michael Cross. (2007), Developer's Guide to Web Application Security, Syngress Press, p.489, [ISBN: 9781597490610].
This module does not have any article/paper resources
This module does not have any other resources