Past–Secure Software Development (2014)

Course information

Course: Secure Software Development (SecDev)
TUCAN: 20-00-0777
Instructor: Dr. Lotfi ben Othmane
Advisor: Prof. Dr. Eric Bodden
Type: Seminar
CP: 3
SWS: 2
Language: English
Time: Thursdays from 15:20 to 17:00
Location: Room Berlin, Fraunhofer SIT, Rheinstraße 75, Darmstadt
Recommended prerequisite: None
Diploma supplement: Secure software development

Description

The security of software systems is becoming critical. The goal of the course is to provide software developers with the knowledge and first experience they need for developing secure software. The main topics are:

  1. Secure software development life-cycle
  2. Threat modeling
  3. Risk assessment
  4. Security requirements
  5. Security architecture
  6. Secure coding standards
  7. Security code analysis
  8. Security testing
  9. Security code review
  10. Empirical analysis for secure software development

Competencies:

The students will gain knowledge about the methods and techniques used to develop secure software. They will learn how to develop and share knowledge, and how to investigate a research problem in secure software development.

Structure:

  1. Each student prepares and presents one lecture on one of the topics of his/her choice. The student will be provided a set of research papers that s/he would use to prepare the lecture.
  2. Each student writes a term research paper that investigates a problem related to the topic of his choice, which should be selected in consultation with the instructor.
  3. Each student presents his term paper in the class.

The course is for master's students in software engineering, IT security, and distributed systems.

Grades will be based on the lecture, the attendance, participation, and the term research paper.

The minimum number of students for this seminar is 6 and the maximum is 12.

Kick-off was on 16/10/2014. The slides are here.

Resources for skills improvement:

  1. W. Booth, G. Colomb, and J. Williams, From Topics to Questions, Chapter 3 in The Craft of Research.
  2. G. Reynolds, Crafting the Story, Chapter 4 of Presentationzen–Simple ideas on Presentation Design and Delivery.
  3. J. Zull, The Courageous Leap–Creating Knowledge by Using the Integrative Frontal Cortex, Chapter 10 of The Art of Changing the Brain.

Publishing your research: If you are interested in publishing your work, you may contact Dr. Ryoo (jryoo@psu.edu) to propose your work as a chapter in the book “Information Security and Assurance in Practice” that they will be editing. Please click here for further information.

The schedule of the presentations is:

| Date | Topics | Presenters | Resources |
|---|---|---|---|
| 30/10/2014 | Secure software development life-cycle | Samir Sahu, Mohan Vaishnavi, Tadasa Mantri | |
| 6/11/2014 | Threat modeling | Anup Sebastian, Dhiraj Vijan | |
| 13/11/2014 | Security requirements | Shantanu Sardesai, Suhas Chikkanna | |
| 20/11/2014 | Secure coding standards | Sujay Gopalakrishna, Suhas Kala Bhairav, Deepak Jayaram | |
| 27/11/2014 | Risk assessment | Wael Alkhatib, Hosam Nima, Najlaa Metwally | |
| 4/12/2014 | Static security code analysis | Sebastian Funke, Brian Pfretzschner, Hamza Zulfiqar | |
| 11/12/2014 | Security architecture | Irfan Musa, Masood Hussain, Abdul Remhan Zafar | |
| 15/1/2015 | Security testing | Ajaykumar Sidde Gowda, Bheemarasetty Bhulok Sankar | |
| 29/1/2015 | Software security metrics | Ashish Prasad Sah, Suman Bidarahalli, Kushal Mokashi | |

 
