COURSE UNIT TITLE: SECURE SOFTWARE DESIGN AND PROGRAMMING

Description of Individual Course Units

Course Unit Code Course Unit Title Type Of Course D U L ECTS
CSC 5017 SECURE SOFTWARE DESIGN AND PROGRAMMING ELECTIVE 3 0 0 8

Offered By

Graduate School of Natural and Applied Sciences

Level of Course Unit

Second Cycle Programmes (Master's Degree)

Course Coordinator

ASSOCIATE PROFESSOR METE EMINAĞAOĞLU

Offered to

Computer Science
Ph.D. in Computer Science

Course Objective

This course aims to provide thorough, up-to-date coverage of the entire discipline of computer security, specifically in design and development. Students perform code review using static analysis tools and learn how to do architectural risk analysis, penetration testing and security testing.

Learning Outcomes of the Course Unit

1   To be able to understand computer security threats
2   To be able to utilize secure coding principles across multiple operating system domains
3   To be able to perform security testing
4   To be able to perform a Security Code Review
5   To understand and appreciate the importance of the standards that are central to today's security solutions

Mode of Delivery

Face-to-Face

Prerequisites and Co-requisites

None

Recommended Optional Programme Components

None

Course Contents

Week Subject Description
1 Introduction, Basic Threats, Vulnerability Analysis, Profile Analysis
2 Secure Coding Techniques
3 Access Control
4 Taking Control of Least Privileges
5 Cryptographic Issues
6 Input Control
7 Midterm exam
8 Database Specific Input Issues
9 Web Specific Input Issues
10 Socket Security
11 Securing RPC, ActiveX Controls
12 Writing Secure .NET Code

Recommended or Required Reading

Textbook(s): Gary McGraw, Software Security: Building Security In, Addison-Wesley, 2006.
Supplementary Book(s): Michael Howard, David LeBlanc, Writing Secure Code, 2nd ed., Microsoft Press, 2003.

Planned Learning Activities and Teaching Methods

The course is taught in a lecture, class presentation and discussion format. In addition to the lectures, the assigned groups prepare group presentations and present them in a discussion session. In some weeks of the course, the results of previously assigned homework are discussed.

Assessment Methods

SORTING NUMBER SHORT CODE LONG CODE FORMULA
1 ASG ASSIGNMENT
2 MTE MIDTERM EXAM
3 FIN FINAL EXAM
4 FCG FINAL COURSE GRADE ASG * 0.30 + MTE * 0.30 + FIN * 0.40
5 RST RESIT
6 FCGR FINAL COURSE GRADE (RESIT) ASG * 0.30 + MTE * 0.30 + RST * 0.40


*** Resit Exam is Not Administered in Institutions Where Resit is not Applicable.

Further Notes About Assessment Methods

None

Assessment Criteria

To be announced.

Language of Instruction

English

Course Policies and Rules

To be announced.

Contact Details for the Lecturer(s)

To be announced.

Office Hours

To be announced.

Work Placement(s)

None

Workload Calculation

Activities Number Time (hours) Total Work Load (hours)
Lectures 13 3 39
Preparations before/after weekly lectures 13 4 52
Preparation for midterm exam 1 20 20
Preparation for final exam 1 20 20
Preparing assignments 2 20 40
Preparing presentations 2 10 20
Final 1 2 2
Midterm 1 2 2
TOTAL WORKLOAD (hours) 195

Contribution of Learning Outcomes to Programme Outcomes

PO/LO PO.1 PO.2 PO.3 PO.4 PO.5 PO.6 PO.7 PO.8 PO.9 PO.10
LO.1 5 5 5 3
LO.2 5 5 5 3
LO.3 5 5 5 3
LO.4 5 5 5 3
LO.5 5 5 5 3