ISTINYE UNIVERSITY BİLGİ PAKETİ / DERS KATALOĞU
| Software Engineering (English) | |||||
| Bachelor | TR-NQF-HE: Level 6 | QF-EHEA: First Cycle | EQF-LLL: Level 6 | ||
Course Introduction and Application Information
| Course Code: | SWE210 | ||||
| Course Name: | Software Security | ||||
| Semester: | Spring | ||||
| Course Credits: |
|
||||
| Language of instruction: | English | ||||
| Course Condition: | |||||
| Does the Course Require Work Experience?: | No | ||||
| Type of course: | Compulsory Courses | ||||
| Course Level: |
|
||||
| Mode of Delivery: | Face to face | ||||
| Course Coordinator: | Dr. Öğr. Üy. MUHAMMED DAVUD | ||||
| Course Lecturer(s): | Dr. Öğr. Üyesi Femilda Josephin Joseph Shobana Bai | ||||
| Course Assistants: |
Course Objective and Content
| Course Objectives: | The Software Security course aims to equip students with a comprehensive understanding of security principles, common vulnerabilities, and best practices in software development. The course will cover essential topics from the basics of the secure development lifecycle to advanced areas such as memory injection attacks and web security. Students will learn to identify, assess, and mitigate security risks, ensuring the development of secure and resilient software applications. Through a blend of theoretical knowledge and practical demonstrations, students will develop the expertise needed to implement robust security measures in their software projects. |
| Course Content: | The course starts with an introduction to security principles, followed by the Secure Development Lifecycle to integrate security throughout the software development process. Students will learn about various attack types, including memory, command, and script injection attacks. The course covers threat modeling and mitigation strategies, focusing on identifying and addressing security risks early. Privacy topics include authentication, access control, and encryption. The course also emphasizes security testing and web security, ensuring students can effectively evaluate and enhance the security of web applications. |
Learning Outcomes
|
The students who have succeeded in this course;
1) Understand core security principles and apply them to software systems. 2) Identify and mitigate common security vulnerabilities effectively. 3) Integrate security practices into the software development lifecycle. 4) Adapt privacy measures and access controls to protect sensitive data. 5) Conduct comprehensive security testing and evaluation using standard techniques. |
Course Flow Plan
| Week | Subject | Related Preparation |
| 1) | Introduction to security | |
| 3) | Memory Injection Attacks | |
| 4) | Command Injection attacks | |
| 5) | Script Injection Attacks | |
| 6) | Threat Modeling | |
| 7) | Mitigation | |
| 8) | Midterm Exam | |
| 9) | Privacy: Authentication, Access Control | |
| 10) | Privacy: Encryption | |
| 11) | Security Testing | |
| 12) | Security Testing | |
| 13) | Web Security | |
| 14) | Web Security |
Sources
| Course Notes / Textbooks: | 1. Payer, M. (2019). Software Security: Principles, Policies, and Protection. 2. Dowd, M., McDonald, J., & Schuh, J. (2006). The art of software security assessment: Identifying and preventing software vulnerabilities. Pearson Education. 3. Mead, N. R., Allen, J. H., Barnum, S., Ellison, R. J., & McGraw, G. R. (2004). Software security engineering: a guide for project managers. Addison-Wesley Professional. 4. Helfrich, J. N. (2018). Security for Software Engineers. CRC Press. 5. Ransome, J., & Misra, A. (2018). Core software security: Security at the source. CRC press. |
| References: | Class Notes |
Course - Program Learning Outcome Relationship
| Course Learning Outcomes | 1 |
2 |
3 |
4 |
5 |
||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Program Outcomes | |||||||||||
| 1) Adequate knowledge in mathematics, science and software engineering; the ability to use theoretical and practical knowledge in these areas in complex engineering problems. | |||||||||||
| 2) Ability to identify, formulate, and solve complex software engineering problems; ability to select and apply appropriate analysis and modeling methods for this purpose. | |||||||||||
| 3) Ability to design, implement, verify, validate, measure and maintain a complex software system, process, device or product to meet specific requirements under realistic constraints and conditions; ability to apply modern design methods for this purpose. | |||||||||||
| 4) Ability to develop, select and use modern techniques and tools necessary for the analysis and solution of complex problems encountered in software engineering applications; ability to use information technologies effectively. | |||||||||||
| 5) Ability to design, conduct experiments, collect data, analyze and interpret results for the study of complex engineering problems or software engineering research topics. | |||||||||||
| 6) Ability to work effectively within and multidisciplinary teams; individual study skills. | |||||||||||
| 7) Ability to communicate effectively orally and in writing; knowledge of at least one foreign language; ability to write effectice reports and understand written reports, to prepare design and production reports, to make effective presentations, to give and receive clear and understandable instructions. | |||||||||||
| 8) Awareness of the necessity of lifelong learning; ability to access information, to follow developments in science and technology and to renew continuously. | |||||||||||
| 9) To act in accordance with ethical principles, professional and ethical responsibility; information on the standards used in engineering applications. | |||||||||||
| 10) Information on business practices such as project management, risk management and change management; awareness of entrepreneurship and innovation; information about sustainable development. | |||||||||||
| 11) Knowledge of the effects of software engineering practices on health, environment and safety in the universal and social scale and the problems of the era reflected in software engineering; awareness of the legal consequences of software engineering solutions. | |||||||||||
Course - Learning Outcome Relationship
| No Effect | 1 Lowest | 2 Average | 3 Highest |
| Program Outcomes | Level of Contribution | |
| 1) | Adequate knowledge in mathematics, science and software engineering; the ability to use theoretical and practical knowledge in these areas in complex engineering problems. | 3 |
| 2) | Ability to identify, formulate, and solve complex software engineering problems; ability to select and apply appropriate analysis and modeling methods for this purpose. | 2 |
| 3) | Ability to design, implement, verify, validate, measure and maintain a complex software system, process, device or product to meet specific requirements under realistic constraints and conditions; ability to apply modern design methods for this purpose. | |
| 4) | Ability to develop, select and use modern techniques and tools necessary for the analysis and solution of complex problems encountered in software engineering applications; ability to use information technologies effectively. | 2 |
| 5) | Ability to design, conduct experiments, collect data, analyze and interpret results for the study of complex engineering problems or software engineering research topics. | 2 |
| 6) | Ability to work effectively within and multidisciplinary teams; individual study skills. | |
| 7) | Ability to communicate effectively orally and in writing; knowledge of at least one foreign language; ability to write effectice reports and understand written reports, to prepare design and production reports, to make effective presentations, to give and receive clear and understandable instructions. | |
| 8) | Awareness of the necessity of lifelong learning; ability to access information, to follow developments in science and technology and to renew continuously. | |
| 9) | To act in accordance with ethical principles, professional and ethical responsibility; information on the standards used in engineering applications. | |
| 10) | Information on business practices such as project management, risk management and change management; awareness of entrepreneurship and innovation; information about sustainable development. | |
| 11) | Knowledge of the effects of software engineering practices on health, environment and safety in the universal and social scale and the problems of the era reflected in software engineering; awareness of the legal consequences of software engineering solutions. |
Assessment & Grading
| Semester Requirements | Number of Activities | Level of Contribution |
| Homework Assignments | 4 | % 30 |
| Midterms | 1 | % 30 |
| Final | 1 | % 40 |
| total | % 100 | |
| PERCENTAGE OF SEMESTER WORK | % 60 | |
| PERCENTAGE OF FINAL WORK | % 40 | |
| total | % 100 | |
Workload and ECTS Credit Calculation
| Activities | Number of Activities | Workload |
| Course Hours | 13 | 39 |
| Study Hours Out of Class | 14 | 70 |
| Homework Assignments | 5 | 10 |
| Quizzes | 2 | 4 |
| Midterms | 1 | 2 |
| Final | 1 | 2 |
| Total Workload | 127 | |