
COMP47910

Academic Year 2024/2025

Secure Software Engineering (COMP47910)

Subject:
Computer Science
College:
Science
School:
Computer Science
Level:
4 (Masters)
Credits:
10
Module Coordinator:
Dr Liliana Pasquale
Trimester:
Summer
Mode of Delivery:
Blended
Internship Module:
No
How will I be graded?
Letter grades

Curricular information is subject to change.

This module aims to provide knowledge and to develop skills necessary to undertake a career as a Security Engineer, Architect or Analyst.
Students will be encouraged to be active, motivated learners who can promote security practices and work in groups towards breaking, fixing, and building software systems. The module will provide a learning environment that encourages students to construct their knowledge through problem solving as part of a team, and to critically reflect on recent security breaches and vulnerabilities so they can develop their own and others' leadership and advocacy skills.

About this Module

Learning Outcomes:

- Identify key security concepts (assets, requirements, vulnerabilities), threats and attacks to software systems;
- Distinguish the most common classes of vulnerabilities, including architectural flaws and security bugs, in software projects;
- Select countermeasures that could be applied to mitigate vulnerabilities;
- Identify and exploit security vulnerabilities in software projects using security testing;
- Design secure software and develop patches to remove vulnerabilities from existing software projects;
- Specify security and privacy requirements, including compliance with necessary standards and regulations;
- Work in teams, share work fairly and meet the obligations set by the group;
- Be curious about latest security vulnerabilities and patches;
- Actively promote security practices.

Indicative Module Content:

- Web application development using SpringBoot;
- Security design flaws;
- OWASP Top 10 Vulnerabilities;
- Security testing: penetration testing, dynamic application security testing, static application security testing, and interactive application security testing;
- OWASP Application Security Verification Standard (ASVS);
- Secure Development Lifecycle such as the Microsoft Secure Development Lifecycle (SDLC);
- SDLC assessment via the Building Security In Maturity Model and the OWASP Software Assurance Maturity Model;
- Security requirements specification using adversarial thinking, threat modelling, attack trees and abuse cases.

Student Effort Hours:

| Student Effort Type | Hours |
|---|---|
| Practical | 14 |
| Specified Learning Activities | 80 |
| Autonomous Student Learning | 120 |
| Online Learning | 20 |
| Total | 234 |


Approaches to Teaching and Learning:
Pre-recorded lectures will be complemented with live activities, such as tutorials, discussion forums and hands-on exercises using vulnerable software applications. The assessment approach will be based on continuous assessment and project work.

Requirements, Exclusions and Recommendations
Learning Recommendations:

Knowledge of distributed systems


Module Requisites and Incompatibles
Not applicable to this module.

Assessment Strategy
| Description | Timing | Component Scale | Must Pass Component | % of Final Grade | In Module Component Repeat Offered |
|---|---|---|---|---|---|
| Assignment (Including Essay): Web App Development: Co-design and implementation of an additional functionality of an existing SpringBoot web application. | Week 6 | Graded | No | 20 | Yes |
| Assignment (Including Essay): Vulnerability Assessment: A report that identifies and describes the vulnerabilities in the web application developed in the first assignment and showcases how these vulnerabilities can be exploited. | Week 11 | Graded | No | 40 | Yes |
| Assignment (Including Essay): Vulnerability Fixing: Co-design and implementation of an improved version of the web application from Assignment 1 that fixes the vulnerabilities identified in Assignment 2. | Week 15 | Graded | No | 40 | Yes |

Carry forward of passed components
Yes

| Remediation Type | Remediation Timing |
|---|---|
| In-Module Resit | Prior to relevant Programme Exam Board |

Please see Student Jargon Buster for more information about remediation types and timing.

Feedback Strategy/Strategies

• Feedback individually to students, on an activity or draft prior to summative assessment
• Feedback individually to students, post-assessment
• Group/class feedback, post-assessment
• Peer review activities

How will my Feedback be Delivered?

The lecturer will provide a variety of feedback strategies. The lecturer will give students examples of security testing techniques and of strategies to prevent vulnerabilities, which the students should apply in their group projects. At the end of each group project, the lecturer will provide written feedback to each group using an instructional rubric. The second group project will be peer-reviewed by a different group of students, who will provide written feedback following a given set of assessment criteria.

- OWASP Top 10 - https://owasp.org/Top10/
- Gary McGraw, "Software Security: Building Security In"
- NIST Risk Management Framework - https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/
- OWASP Application Security Verification Standard - https://owasp.org/www-project-application-security-verification-standard/

| Name | Role |
|---|---|
| Kushal Ramkumar | Tutor |

Timetabling information is displayed only for guidance purposes, relates to the current Academic Year only and is subject to change.
Summer Practical Offering 51 Week(s) - 37, 43, 48 Fri 10:00 - 12:50