On successful completion of the module, students will be able to:
Demonstrate an understanding of fundamental design and implementation principles that preserve security properties;
Critically appraise security requirements and their role in securing software systems and the data they store and manage;
Predict software security design and implementation flaws;
Produce software products that meet ethical standards when creating, deploying; using, and retiring of software;
Apply static and dynamic testing to large software systems.
This module covers a range of principles, methodologies and processes that enable secure and effective end-to-end software product development and deployment.
The module builds on software design and development skills gained on earlier modules such as COM5003 Further Software Development, teaching students how to develop their code in a way that guards against the accidental introduction of common security vulnerabilities. Students also learn how to deploy applications securely and sustainably using cloud-based platforms such as Azure and AWS and through the application of agile principles. They will practise using tools to monitor and automate deployment tasks, strengthening their understanding of core DevOps principles gained on COM5033 Team Project. Students will also learn about decommissioning/retiring of software and how to remove it without causing security problems and how to use security documentation to avoid and deal with any potential security problems.
Examples of topics covered on the module include:
- Secure development best practices including use of processes and tools such as version control and agile methods in securing applications;
- Securing the build and development pipeline including use of DevOps processes and tools such as continuous integration, containers and build automation;
- Best practices for deploying apps in the cloud;
- Data security and standards;
- Security testing;
- Vulnerability analysis and risk assessment.
The learning and teaching is structured around a series of seminars and workshops.
Workshops
Hours: 36
Intended Group Size: Cohort
Seminars
Hours: 24
Intended Group Size: Cohort
Guided independent study
Hours: 240
Further details relating to assessment
Artefact: As part of the module students design and deliver several software applications. The final product is the one that is marked. Marking reflects the ability to produce work that matches stated requirements for functionality and reliability but focuses on secure design and integration processes deployed.
Process Report: This demonstrates sophisticated capacity for reflection and enhancement within challenging technical, commercial, and customer-focused constraints, as well as compliance with the legal, ethical, commercial, and organisational requirements.
Written Assignment: This assignment will test the students' knowledge and problem-solving skills on issues related to secure development and deployment. The assignment will ask them questions with reference to supplied code resources and the students must review the code and respond with their recommendations.
001 Artefact; 3,000 word equivalent; end of semester 1 40%
002 Process Report; 1,500 words; end of semester 1 20%
003 Written assignment; 3 hours; end of semester 1 40%
Module Coordinator - Jim Diokou
Level - 6
Credit Value - 30
Pre-Requisites - NONE
Semester(s) Offered - 6S1