Learning Outcomes:
- Identify key security concepts (assets, requirements, vulnerabilities), threats and attacks to software systems;
- Distinguish the most common classes of vulnerabilities, including architectural flaws and security bugs, in software projects;
- Select countermeasures that could be applied to mitigate vulnerabilities;
- Identify and exploit security vulnerabilities in software projects using security testing;
- Design secure software and develop patches to remove vulnerabilities from existing software projects;
- Specific security and privacy requirements, including compliance with necessary standards and regulations;
- Work in teams, share work fairly and meet the obligations set by the group;
- Be curious about latest security vulnerabilities and patches;
- Actively promote security practices.
Indicative Module Content:
Web application development using SpringBoot
Security design flaws
OWASP Top 10 Vulnerabilities;
Security testing: penetration testing, dynamic application security testing, static application security testing, and interactive application security testing;
OWASP Application Security Verification Standard (ASVS);
Secure Development Lifecycle such as the Microsoft Secure Development Lifecycle (SDLC);
SDLC assessment via the Building Security In Maturity Model and the OWASP Software Assurance Maturity Model;
Security requirements specification using adversarial thinking, threat modelling, attack trees and abuse cases.