COMP47660 Secure Software Engineering

Academic Year 2020/2021

This module is aimed at students who wish to develop a career as a Security Engineer, Architect or Analyst or are interested in further studies in the domain of secure software engineering.
Students will be encouraged to be active, motivated learners who can promote security practices and work in groups towards breaking, fixing, and building software systems. The module will provide a learning environment that will encourage students to construct their knowledge through problem solving as part of a team, and to critically reflect on recent security breaches and vulnerabilities so they can develop their own and others' leadership and advocacy skills.

Curricular information is subject to change

Learning Outcomes:

- Identify key security concepts and threats to software systems;
- Distinguish the most common classes of vulnerabilities in software projects;
- Select countermeasures that could be applied to mitigate vulnerabilities;
- Identify and exploit security vulnerabilities in software projects;
- Develop patches to remove vulnerabilities from existing software projects;
- Work in teams, share work fairly and meet the obligations set by the group;
- Be curious about the latest security vulnerabilities and patches;
- Actively promote security practices.

Modules Recommended:
- Introduction to Computer Forensics (COMP20130)
- Networks and Internet Systems (COMP30040)
- Distributed Systems (COMP30220)

Indicative Module Content:

- Web application development using Spring Boot
- OWASP Top 10 Vulnerabilities: for each vulnerability, exploit examples will be demonstrated
- Vulnerability mitigation strategies will also be showcased in practice using Spring Security

Student Effort Hours:

| Student Effort Type | Hours |
|---|---|
| Lectures | 24 |
| Total | 24 |

Approaches to Teaching and Learning:
This module will use mainly tutorials and flipped classrooms.
Most of the lecture content will be pre-recorded, and the time allocated to the lecture will be used for in-class activities: Q&As, tutorials and discussion forums.
 
Requirements, Exclusions and Recommendations

Not applicable to this module.


Module Requisites and Incompatibles
Not applicable to this module.
 
Assessment Strategy  
| Description | Timing | Open Book Exam | Component Scale | Must Pass Component | % of Final Grade |
|---|---|---|---|---|---|
| Group Project: Each group will improve the web application developed in Assignment 1 to remove the vulnerabilities identified in the previous assignment. | Coursework (End of Trimester) | n/a | Graded | Yes | 40 |
| Group Project: Implementation of a web application simulating a simplified hotel management system | Week 5 | n/a | Graded | Yes | 20 |
| Group Project: Creation of exploits that will exercise the vulnerabilities of the web application developed by another group. | Week 10 | n/a | Graded | Yes | 40 |


Carry forward of passed components
No
 
| Remediation Type | Remediation Timing |
|---|---|
| In-Module Resit | Prior to relevant Programme Exam Board |

Please see Student Jargon Buster for more information about remediation types and timing. 
Feedback Strategy/Strategies

• Feedback individually to students, post-assessment
• Group/class feedback, post-assessment
• Peer review activities

How will my Feedback be Delivered?

The lecturer will provide a variety of feedback strategies. The lecturer will provide students with examples of exploits and strategies to prevent vulnerabilities that the students are required to apply in their group projects. At the end of each group project, the lecturer will provide written feedback to each group using an instructional rubric. The second group project will be peer-reviewed by a different group of students who will provide written feedback following a given set of assessment criteria.