IFQ657 Software Security



Unit Outline: Session 1 2026, QUT Online, Online

Unit code: IFQ657
Credit points: 12
Pre-requisite: IFQ635 or IFN635 AND (IFQ581 or IFN581 or ((IFN555 and IFN556) or (IFQ555 and IFQ556))
Equivalent: IFN657
Assumed Knowledge:

Familiarity with principles of information security. General knowledge in software engineering and testing. Sound skills of solving computational problems and implementing these solutions in a programming language.

Disclaimer - Offer of some units is subject to viability, and information in these Unit Outlines is subject to change prior to commencement of the teaching period.

Overview

A software system is secure if it satisfies a specified or implied security objective related to the confidentiality, integrity and availability requirements for the system’s data and functionality. A security failure is a scenario where the software system does not achieve its security objective. Such failures can often be attributed to poor software design and implementation, including poor understanding of code-level security requirements, inadequate handling of exceptional cases, incomplete descriptions of the interface between components for secure interactions, and insufficient care in the use of programming languages.

This Software Security unit provides a structured overview of known categories of software vulnerabilities, and of techniques that can be used to prevent or detect such vulnerabilities, or to mitigate their exploitation.

Learning Outcomes

On successful completion of this unit you will be able to:

  1. Explain the fundamental principles of software security, including the role of security requirements in software development.
  2. Identify common security vulnerabilities in software systems.
  3. Apply appropriate security testing and analysis techniques to detect security vulnerabilities in a variety of contexts (systems applications, web-based and database software).
  4. Evaluate the security of real-world software using secure programming techniques and tools.
  5. Recommend and justify methods to prevent software vulnerabilities or mitigate the exploitation of vulnerabilities.

Content

In this unit, you will learn about:

  • Fundamental principles of software security
  • Security requirements and their role in software development
  • Security issues in software implementation in different programming languages
  • Categories of software vulnerabilities
  • Prevention of software vulnerabilities
  • Detection of software vulnerabilities
  • Mitigating exploitation of software vulnerabilities

Learning Approaches

This unit is designed for asynchronous online study, with activities including numerous short videos, podcasts and exercises carefully chosen to reinforce key skills and concepts. Students will have the opportunity to participate in online discussions with peers and teaching staff. 

The unit engages you in your learning through a problem-based learning approach with the objective of preparing you to solve problems that you will meet during your professional or academic career:

  • Introduction to both theoretical and practical aspects of software security and technology relevant to each week’s topic.
  • Exercises to reinforce learning materials through participatory discussions centred on questions relevant to each week’s topic.
  • Online resources (such as reading materials) will help you enhance your understanding of the technical concepts introduced in this unit.

The unit coordinator will use email and the unit's QUT Canvas site to make announcements and post various types of information throughout the teaching period. It is your responsibility to access your email account and the unit's QUT Canvas site regularly. 

Feedback on Learning and Assessment

Feedback in this unit will be provided to you in the following ways: 

  • Discussions on a range of formative exercises. 
  • Generic comments to the cohort via QUT Canvas. 
  • Advice and assistance during sessions. 
  • Feedback on assessment items will be provided in the form of criteria sheet grading to give more detailed feedback.

Assessment

Overview

This unit introduces foundational concepts and principles, so the assessment is based around the knowledge acquired throughout the semester. The programming projects will be multifaceted, combining elements of analysis, design, development and evaluation.

Unit Grading Scheme

7-point scale

Assessment Tasks

Assessment: Assignment 1: Exploiting memory corruption

The objective of this assessment is to gain practical experience with memory corruption security vulnerabilities, specifically buffer overflow and format string attacks. This understanding will be demonstrated by crafting simple exploits and describing the principles underpinning the exploitation.

The use of generative artificial intelligence (GenAI) tools is prohibited during this assessment.

This assignment is eligible for the 48-hour late submission period and assignment extensions. 

Weight: 20
Length: Report of up to 5 pages with screenshots of evidence of working exploits and less than 100 lines of code.
Individual/Group: Individual
Due (indicative): Consolidation Week
Related Unit learning outcomes: 1, 2, 5

Assessment: Assignment 2: Fuzzing project

The objective of this assignment is to analyse vulnerabilities present in real-world software using AFL (American Fuzzy Lop). This exercise aims to provide practical experience in investigating and documenting vulnerabilities, with the option to exploit them if desired. By engaging in this assignment, you will also gain an understanding of the advantages and drawbacks of fuzz testing.

The use of generative artificial intelligence (GenAI) tools is prohibited during this assessment.

This assignment is eligible for the 48-hour late submission period and assignment extensions. 

Weight: 30
Length: Report of 2 or 3 pages per student with screenshots of evidence.
Individual/Group: Either group or individual
Due (indicative): Week 8
Related Unit learning outcomes: 1, 2, 3, 4, 5

Assessment: Invigilated Exam

The final exam assesses the understanding and application of both theoretical concepts and practical skills covered in the unit.

The use of generative artificial intelligence (GenAI) tools is prohibited during this assessment.

Weight: 50
Length: 2:40 - Including 10 minute perusal
Individual/Group: Individual
Due (indicative): Assignment Week
Related Unit learning outcomes: 1, 2, 3, 4, 5

Academic Integrity

Academic integrity is a commitment to undertaking academic work and assessment in a manner that is ethical, fair, honest, respectful and accountable.

The Academic Integrity Policy sets out the range of conduct that can be a failure to maintain the standards of academic integrity. This includes cheating in exams, plagiarism, self-plagiarism, collusion and contract cheating. It also includes providing fraudulent or altered documentation in support of an academic concession application, for example an assignment extension or a deferred exam.

You are encouraged to make use of QUT’s learning support services, resources and tools to assure the academic integrity of your assessment. This includes the use of text matching software that may be available to assist with self-assessing your academic integrity as part of the assessment submission process.

Breaching QUT’s Academic Integrity Policy or engaging in conduct that may defeat or compromise the purpose of assessment can lead to a finding of student misconduct (Code of Conduct – Student) and result in the imposition of penalties under the Management of Student Misconduct Policy, ranging from a grade reduction to exclusion from QUT.

Resources

This advanced unit covers state-of-the-art software development and related security technology. Hence, there is no prescribed textbook for this unit. No extraordinary charges and costs are associated with the requirements of this unit.

The IFQ657 Canvas site will provide all reading materials, library resources and links to online resources as well as sample tools. Students are encouraged to read tutorials, standards specifications, technical papers, and scientific papers available on the Internet.

Risk Assessment Statement

There are no health and safety risks associated with this unit.