To provide learners with a theoretical knowledge and practical skills of developing secure software applications, with particular emphases on web technologies.
Learning Outcomes
On successful completion of this module the learner will be able to:
#
Learning Outcome Description
LO1
Evaluate and discuss the most prevalent software application security issues.
LO2
Perform security testing to identify and validate the existence of software vulnerabilities.
LO3
Formulate and deploy strategies to fix or mitigate against identified vulnerabilities.
Dependencies
Module Recommendations
This is prior learning (or a practical skill) that is recommended before enrolment in this module.
No recommendations listed
Co-requisite Modules
No Co-requisite modules listed
Additional Requisite Information
No Co Requisites listed
Indicative Content
Secure Software Development
Secure software life cycle, secure application design, secure mobile application development, cryptographic Design & implementation.
Data Validation & Access Control
Input validation and sanitisation, output encoding, authentication and password management, session management, access control.
Error Management and Information Disclosure
Error handling and logging, environment configuration, minimising Information Disclosure
Resource Security
Communication security, system configuration, database security, file access management, memory management.
System Penetration Testing & Code Analysis
Vulnerabilities code analysis and mitigations as outlined by leading industry security bodies such as OWASP, ISC2 and SANS.
Module Content & Assessment
Assessment Breakdown
%
Continuous Assessment
10.00%
Project
40.00%
End of Module Formal Examination
50.00%
Assessments
Full Time
Continuous Assessment
Assessment Type
Examination
% of Total Mark
10
Timing
Week 7
Learning Outcomes
1,3
Non-marked
No
Assessment Description Examination on content up to week 7
Project
Assessment Type
Project
% of Total Mark
40
Timing
Week 10
Learning Outcomes
2,3
Non-marked
No
Assessment Description Analyse the security flaws in a web application and perform code analysis and edits to mitigate identified vulnerabilities.
No Practical
End of Module Formal Examination
Assessment Type
Formal Exam
% of Total Mark
50
Timing
End-of-Semester
Learning Outcomes
1,2,3
Non-marked
No
Assessment Description The terminal exam will be a 3 hour written test
Reassessment Requirement
Exam Board It is at the discretion of the Examination Board as to what the qualifying criteria are.
SETU Carlow Campus reserves the right to alter the nature and timings of assessment
Module Workload
Workload: Full Time
Workload Type
Workload Category
Contact Type
Workload Description
Frequency
Average Weekly Learner Workload
Hours
Lecture
Contact
No Description
12 Weeks per Stage
2.00
24
Laboratory
Contact
No Description
12 Weeks per Stage
2.00
24
Independent Learning Time
Non Contact
No Description
15 Weeks per Stage
5.13
77
Total Weekly Contact Hours
4.00
Module Resources
Supplementary Book Resources
Michał Zalewski. (2012), The Tangled Web: A Guide to Securing Modern Web Applications, 1st Edition. O’ Reilly Media.
Ryan C. Barnett. (2012), Web Application Defender's Cookbook: Battling Hackers and Protecting Users, O’ Reilly Media.
Microsoft Corporation. (2011), Improving Web Application Security: Threats and Countermeasures, Microsoft Corporation.
Michael Cross. (2007), Developer's Guide to Web Application Security, Syngress Press, p.489, [ISBN: 9781597490610].
This module does not have any article/paper resources