IFB343 Secure Software Development




Unit Outline: Semester 1 2026, Gardens Point, Internal

Unit code: IFB343
Credit points: 12
Pre-requisite: IFB104 and IFB240
Assumed Knowledge:
Familiarity with principles of information security. General knowledge in software engineering and testing. Sound skills in solving computational problems and implementing these solutions in a programming language.
Coordinator: Yi Lu | yt.lu@qut.edu.au
Disclaimer - Offer of some units is subject to viability, and information in these Unit Outlines is subject to change prior to commencement of the teaching period.

Overview

This unit gives you the opportunity to learn a comprehensive set of skills critical to the field of secure software development. You will gain a solid understanding of the fundamental principles of secure software development, including the identification and incorporation of security requirements throughout the software development lifecycle. You will explore various categories of software vulnerabilities, along with effective strategies for their prevention, detection, and mitigation to reduce exploitation risks. You will learn to apply industry-standard frameworks, guidelines, and policies that are essential for developing secure software. The course also covers advanced security testing and analysis techniques to ensure robust protection against vulnerabilities. This unit prepares you with both theoretical insights and real-world practical skills, setting a strong foundation for a career in secure software development.

Learning Outcomes

On successful completion of this unit you will be able to:

  1. Explain the fundamental principles of secure software development, including the role of security requirements in software development.
  2. Analyse robust software security through innovative IT solutions to drive business success by protecting assets and fostering trust.
  3. Apply technical knowledge of software security to identify common security vulnerabilities in software systems.
  4. Evaluate security in software project management with a proactive, lifelong learning approach that continuously enhances skills and knowledge.
  5. Communicate software security methods to a diverse range of stakeholders for preventing software vulnerabilities and mitigating the exploitation of vulnerabilities.
  6. Explain the use of AI methodologies to enhance security of software systems.

Content

This unit is designed to guide you through the fundamental principles of secure software development, starting with a solid understanding of the basics and progressing to more advanced strategies. The unit is structured into two interconnected modules. By the end of these modules, you will not only grasp the theoretical concepts but also gain hands-on experience in implementing security measures that align with industry standards. The skills acquired here are essential for those aspiring to excel in the field of software security.
  • The first module explores the importance of incorporating security requirements into the software development process to protect systems from potential threats. You will be able to describe the core principles of secure software development and industry-standard supply chain levels for software artifacts. You will learn about the frameworks, guidelines, and policies used by the industry to build secure software, and will be able to identify and articulate how this knowledge will be of use when working as an IT professional. By the end of this module, you will learn how the secure software development lifecycle promotes proactive risk management and innovation, encourages entrepreneurial thinking, ensures robust security, and facilitates the identification of new business opportunities related to secure software development.
  • Building upon the foundational knowledge from the first module, the second module goes deeper into practical approaches for preventing, detecting, and mitigating software vulnerabilities. You will learn to implement strategies to prevent common software vulnerabilities and techniques to detect them before exploitation. The module also covers various security testing and analysis techniques to ensure the integrity of software applications. Additionally, you will explore how AI can be applied to enhance software security, offering a modern approach to proactive threat detection. By the end of this module, you will gain hands-on experience in securing software systems and applying advanced techniques to safeguard them from potential exploitation.

Learning Approaches

You are responsible for your academic progression through this unit. Unit staff will provide a learning environment designed to maximise your learning experience. In order to realise your full potential, it is strongly recommended that you actively participate in all of the learning activities offered in this unit.
This unit engages you in your learning through a problem-based learning approach with the objective of preparing you to solve problems that you will meet during your professional or academic career:
  • Weekly lectures introduce theoretical aspects of software security and technology relevant to each week’s topic.
  • Tutorials reinforce lecture materials through real-world applications centred on practical aspects relevant to each lecture.
  • Online resources (such as reading materials) will help you enhance your understanding of the technical concepts introduced in this unit.
You should expect to spend, on average, 10-15 hours per week involved in preparing for and attending scheduled classes, preparing and completing assessment tasks as well as in independent study to consolidate your learning. You must be able to manage your time and prioritise activities to complete the required unit activities.
 
The unit coordinator will use email and the unit's QUT Learning Management System to make announcements and post various types of information throughout the semester. It is your responsibility to access your email account and the unit's QUT Learning Management System regularly.

Feedback on Learning and Assessment

You will have a range of opportunities to receive feedback on your learning and progress in this unit, including:
  • formative in-class individual and whole-of-class feedback provided by unit staff during tutorial classes
  • responses to questions posed through the unit communication channel from your peers and teaching staff
  • feedback given on your assessment items via the rubric and written feedback, individually and during scheduled review sessions
  • private consultation with teaching staff

Assessment

Overview

This unit introduces foundational concepts and principles, so the assessment is based on the knowledge acquired throughout the semester. The practical projects will be multifaceted, combining elements of analysis, design, development and evaluation.

Unit Grading Scheme

7-point scale

Assessment Tasks

Assessment: Secure software design and development (report and presentation)

The objective of this assessment is to evaluate your practical skills and theoretical knowledge essential for developing secure software systems. The assessment task is designed to enhance your understanding of secure software development practices and use of prepared statements to safeguard against attacks. With this assignment you will gain experience in secure analysis and design by incorporating security measures into the software development lifecycle.

This assignment is eligible for the 48-hour late submission period and assignment extensions.
Weight: 30
Length: 1500 words and 5-minute presentation/demonstration
Individual/Group: Group
Due (indicative): Week 6
Related Unit learning outcomes: 1, 2, 3

Assessment: Software security analysis (report and demonstration)

The objective of this assignment is to analyse vulnerabilities present in real-world software using fuzz testing. This exercise aims to provide you with practical experience in investigating and documenting vulnerabilities, with the option to exploit them if desired. By engaging in this assignment, you will also gain an understanding of the advantages and drawbacks of fuzz testing.  
 
This assignment is eligible for the 48-hour late submission period and assignment extensions.
Weight: 30
Length: 1500 word report and 5-minute presentation/demonstration
Individual/Group: Individual
Due (indicative): Week 12
Related Unit learning outcomes: 3, 4, 5

Assessment: Examination (written)

The final exam assesses your understanding and application of both theoretical concepts and practical skills covered in the unit.
Weight: 40
Individual/Group: Individual
Due (indicative): During central examination period
Related Unit learning outcomes: 1, 2, 3, 4, 5, 6

Academic Integrity

Academic integrity is a commitment to undertaking academic work and assessment in a manner that is ethical, fair, honest, respectful and accountable.

The Academic Integrity Policy sets out the range of conduct that can be a failure to maintain the standards of academic integrity. This includes cheating in exams, plagiarism, self-plagiarism, collusion and contract cheating. It also includes providing fraudulent or altered documentation in support of an academic concession application, for example an assignment extension or a deferred exam.

You are encouraged to make use of QUT’s learning support services, resources and tools to assure the academic integrity of your assessment. This includes the use of text matching software that may be available to assist with self-assessing your academic integrity as part of the assessment submission process.

Breaching QUT’s Academic Integrity Policy or engaging in conduct that may defeat or compromise the purpose of assessment can lead to a finding of student misconduct (Code of Conduct – Student) and result in the imposition of penalties under the Management of Student Misconduct Policy, ranging from a grade reduction to exclusion from QUT.

Requirements to Study

Costs

No extraordinary charges and costs are associated with the requirements of this unit.

Resources

This unit covers state-of-the-art secure software development technology. Hence, there is no prescribed textbook for this unit. 
 
The unit Canvas site will provide all reading materials, library resources and links to online resources as well as sample tools. Students are encouraged to read tutorials, standards specifications, technical papers, and scientific papers available on the Internet.

Risk Assessment Statement

There are no extraordinary risks associated with the classroom/lecture activities in this unit.

Course Learning Outcomes

This unit is designed to support your development of the following course/study area learning outcomes.

IN01 Bachelor of Information Technology

  1. Demonstrate a broad theoretical and technical knowledge of well-established and emerging IT disciplines, with in-depth knowledge in at least one specialist area aligned to multiple ICT professional roles.
    Relates to: ULO1, Secure software design and development (report and presentation), Examination (written)
  2. Integrate and apply technical knowledge and skills to analyse, design, build, operate and maintain sustainable, secure IT systems using industry-standard tools, technologies, platforms, and processes.
    Relates to: ULO3, Secure software design and development (report and presentation), Software security analysis (report and demonstration), Examination (written)
  3. Demonstrate an understanding of the role of IT in enabling business outcomes and how business realities shape IT decisions.
    Relates to: ULO2, Secure software design and development (report and presentation)
  4. Demonstrate initiative, autonomy and personal responsibility for continuous learning, working both independently and collaboratively within multi-disciplinary teams, employing state-of-the-art IT project management methodologies to plan and manage time, resources, and risk.
    Relates to: ULO4, Software security analysis (report and demonstration), Examination (written)
  5. Communicate professionally and effectively in written, verbal and visual formats to a diverse range of stakeholders, considering the audience and explaining complex ideas in a simple and understandable manner in a range of IT-related contexts.
    Relates to: ULO5, Software security analysis (report and demonstration), Examination (written)
  6. Assess the risks and potential of artificial intelligence (and other disruptive emerging technologies) within an organisation and leverage AI knowledge and skills to solve IT challenges, improve productivity and add value.
    Relates to: ULO6, Examination (written)