Course: Secure Software Development (SecDev)
Instructor: Dr. Lotfi ben Othmane
Advisor: Prof. Dr. Eric Bodden
Time: Thursdays from 15:20 to 17:00
Location: Room Berlin, Fraunhofer SIT, Rheinstraße 75, Darmstadt
Recommended prerequisite: None
Diploma supplement: Secure software development
The security of software systems is becoming critical. The goal of the course is to provide software developers with the knowledge and first experience they need for developing secure software. The main topics are:
- Secure software development life-cycle
- Threat modeling
- Risk assessment
- Security requirements
- Security architecture
- Secure coding standards
- Security code analysis
- Security testing
- Security code review
- Empirical analysis for secure software development
The students will gain knowledge about the methods and techniques used to develop secure software. They will learn how to develop and share knowledge, and how to investigate a research problem in secure software development.
- Each student prepares and presents one lecture on a topic of his/her choice. The student will be provided with a set of research papers to use in preparing the lecture.
- Each student writes a term research paper that investigates a problem related to the topic of his/her choice, which should be selected in consultation with the instructor.
- Each student presents his/her term paper in class.
The course is for master's students in software engineering, IT security and distributed systems.
Grades will be based on the lecture, attendance, participation, and the term research paper.
The minimum number of students for this seminar is 6 and the maximum is 12.
Kick-off was on 16/10/2014. The slides are here.
Resources for skills improvement:
- W. Booth, G. Colomb, and J. Williams, From Topics to Questions, Chapter 3 in The Craft of Research.
- G. Reynolds, Crafting the Story, Chapter 4 of Presentationzen–Simple ideas on Presentation Design and Delivery.
- J. Zull, The Courageous Leap–Creating Knowledge by Using the Integrative Frontal Cortex, Chapter 10 of The Art of Changing the Brain.
Publishing your research: If you are interested in publishing your work, you may contact Dr. Ryoo (firstname.lastname@example.org) to propose your work as a chapter in the book “Information Security and Assurance in Practice” that they will be editing. Please click here for further information.
The schedule of the presentations is:
| Date | Topic | Presenter(s) |
|---|---|---|
| 30/10/2014 | Secure software development life-cycle | Samir Sahu |
| 6/11/2014 | Threat modeling | Anup Sebastian |
| 13/11/2014 | Security requirements | Shantanu Sardesai |
| 20/11/2014 | Secure coding standards | Sujay Gopalakrishna, Suhas Kala Bhairav |
| 27/11/2014 | Risk assessment | Wael Alkhatib |
| 4/12/2014 | Static security code analysis | Sebastian Funke |
| 11/12/2014 | Security architecture | Irfan Musa, Abdul Remhan Zafar |
| 15/1/2015 | Security testing | Ajaykumar Sidde Gowda, Bheemarasetty Bhulok Sankar |
| 29/1/2015 | Software security metrics | Ashish Prasad Sah |