13M111RBS - Secure Software Development

Course specification
Course title		Secure Software Development
Acronym		13M111RBS
Study programme		Electrical Engineering and Computing
Module
Type of study		master academic studies
Lecturer (for classes)		professor PhD Žarko Stanisavljević asst. professor PhD Maja Vukasović
Lecturer/Associate (for practice)		asst. MA Danko Miladinović, electrical and computer engineer
Lecturer/Associate (for OTC)		asst. MA Danko Miladinović, electrical and computer engineer
ESPB		6.0	Status	elective
Condition		Computer Security, Software Design, Internet Applications Programming
The goal		Introducing students to the field of secure software development. Training students for the use of best practices in secure software development. Understanding threats and ways for detection and removal of threats in existing software systems. Attack vectors on computer and software systems. Introducing students to secure code audit methodologies.
The outcome		Students will gain knowledge about secure software development methodologies, as well as methodologies for detection and removal of threats and vulnerabilities in existing software systems.
Contents
URL to the subject page		https://rti.etf.bg.edu.rs/rti/ms1rbs/
Contents of lectures		Overview and motivation behind the secure software development lifecycle. Security requirements analysis. Secure design patterns and principles. Threat modelling and security design analysis. Web application vulnerabilities. Script language vulnerabilities. Application programming interface vulnerabilities. Managed language vulnerabilities. Security testing and dynamic application testing.
Contents of exercises		Same as theoretical content.
Literature
Jason Grembi, Secure Software Development: A Security Programmer's Guide 1st Edition, Cengage Learning, 2008 (Original title) Gary McGraw, Software Security: Building Security In 1st Edition, Addison-Wesley Professional, 2006 (Original title) Adam Shostack, Threat Modeling: Designing for Security 1st Edition, Wiley, 2014 (Original title)
Number of hours per week during the semester/trimester/year
Lectures	Exercises	OTC	Study and Research	Other classes
2	2	1
Methods of teaching		Lectures, exercises with demos in computer lab, lab exercises, seminars.
Knowledge score (maximum points 100)
Pre obligations		Points	Final exam	Points
Activites during lectures			Test paper	40
Practical lessons		40	Oral examination
Projects
Colloquia
Seminars		20