YZLM5110 | Software Security | 3+0+0 | ECTS: 7.5

| Year / Semester | Spring Semester |
| Level of Course | Second Cycle |
| Status | Elective |
| Department | DEPARTMENT of SOFTWARE ENGINEERING |
| Prerequisites and co-requisites | None |
| Mode of Delivery | |
| Contact Hours | 14 weeks - 3 hours of lectures per week |
| Lecturer | Asst. Prof. Dr. Asuman GÜNAY YILMAZ |
| Co-Lecturer | |
| Language of instruction | Turkish |
| Professional practice (internship) | None |

The aim of the course: To understand software security principles, to use software security methods, to create secure software development life cycle, to use security testing tools, to learn safe software development maturity models, to define and analyze application security rules.
Programme Outcomes

| PO | Upon successful completion of the course, the students will be able to: | CTPO | TOA |
|---|---|---|---|
| PO - 1 | Know the basic rules of secure software development | 2,4,6 | 1,3 |
| PO - 2 | Identify software security requirements and perform risk analysis | 2,4,6 | 1,3 |
| PO - 3 | Design secure software | 2,4,6 | 1,3 |
| PO - 4 | Apply software security testing methods | 2,4,6 | 1,3 |

CTPO: Contribution to programme outcomes, TOA: Type of assessment (1: written exam, 2: Oral exam, 3: Homework assignment, 4: Laboratory exercise/exam, 5: Seminar / presentation, 6: Term paper), PO: Learning Outcome

Basic principles of secure software development: data protection, authentication, authorization, accessibility, monitoring and control, secure software development life cycle, software security methods, software working environment security and analysis methods, definition of software security requirements, software security design, analysis |
Course Syllabus

| Week | Subject | Related Notes / Files |
|---|---|---|
| Week 1 | Basic principles of secure software development | |
| Week 2 | Data protection, authentication | |
| Week 3 | Authorization, accessibility | |
| Week 4 | Monitoring and control, other security precautions | |
| Week 5 | Secure software development life cycle | |
| Week 6 | Intuitive and formal security methods | |
| Week 7 | Software operating environment security methods | |
| Week 8 | Analysis methods | |
| Week 9 | Midterm exam | |
| Week 10 | Definition of software security requirements | |
| Week 11 | Software security design and architecture | |
| Week 12 | Software security analysis methods | |
| Week 13 | Software security testing methods | |
| Week 14 | Software assurance maturity model | |
| Week 15 | Security development maturity model | |
| Week 16 | Final exam | |

1. Software Security: Building Security In, Gary McGraw, Addison-Wesley Professional, 2006, 408 pages.
1. Yazılım Güvenliği - Saldırı ve Savunma, Bünyamin Demir, Dikeyeksen Yayınevi, 452 pages.

Method of Assessment

| Type of assessment | Week No | Date | Duration (hours) | Weight (%) |
|---|---|---|---|---|
| Mid-term exam | 9 | | 3 | 30 |
| Homework/Assignment/Term-paper | 5, 12 | | 6 | 20 |
| End-of-term exam | 16 | | 3 | 50 |

Student Work Load and its Distribution

| Type of work | Duration (hours pw) | No of weeks / Number of activity | Hours in total per term |
|---|---|---|---|
| Face-to-face instruction | 3 | 14 | 42 |
| Out-of-class study | 3 | 14 | 42 |
| Preparation for mid-term exam | 4 | 8 | 32 |
| Mid-term exam | 3 | 1 | 3 |
| Homework | 5 | 7 | 35 |
| Preparation for end-of-term exam | 4 | 8 | 32 |
| End-of-term exam | 3 | 1 | 3 |
| Total work load | | | 189 |