IFQ657 Principles of Software Security

Unit Outline: Session 1 2024, QUT Online, Online

Unit code: IFQ657
Credit points: 12
Pre-requisite: IFN501 or (IFN555 and IFN556) or (IFQ555 and IFQ556) or IFN503 or (IFN551 and IFN553) or (IFQ551 and IFQ553) or IN15 or IQ15 or IN16 or IQ16
Equivalent: IFN657
Assumed Knowledge: Familiarity with principles of information security. General knowledge in software engineering and testing. Sound skills of solving computational problems and implementing these solutions in a programming language.

Disclaimer - Offer of some units is subject to viability, and information in these Unit Outlines is subject to change prior to commencement of the teaching period.

Overview

Many security vulnerabilities and threats arise at the software level. They can often be attributed to poor software design and implementation, including poor understanding of code-level security requirements, inadequate handling of exceptional cases, incomplete descriptions of the interface between components for secure interactions, and insufficient care in the use of programming languages. This unit provides an overall understanding of software security from a programming perspective in a security context, with the aim of improving your ability to design, implement and analyse security-critical programs. In this unit, you will learn about secure programming techniques that can be used to detect vulnerabilities in software and defend against attacks such as buffer overflows, SQL injection and cross-site scripting. The unit also covers common mistakes made in using programming languages, libraries and frameworks, and how they can be avoided.

Learning Outcomes

On successful completion of this unit you will be able to:

  1. Explain the fundamental sources of security vulnerabilities and threats arising at the software level (CLO1)
  2. Analyse the root causes of common security vulnerabilities in systems applications, web-based and database software (CLO1, CLO2)
  3. Select appropriate security testing and analysis techniques for detecting security vulnerabilities in a variety of contexts (CLO2, CLO3)
  4. Evaluate real world software by applying secure programming techniques and tools (CLO2, CLO3)
  5. Recommend and justify methods to mitigate or prevent software vulnerabilities and threats (CLO2, CLO3)

Content

This unit includes the following topics:

  1. Fundamental principles of software security
  2. Security requirements and their role in software development
  3. Security issues in software implemented by different programming languages
  4. Security analysis and testing for open source projects

Learning Approaches

This unit engages you in your learning through a problem-based learning approach with the objective of preparing you to solve problems that you will meet during your professional or academic career:

  • Introduction to both theoretical and practical aspects of software security and technology relevant to each week’s topic.
  • Exercises to reinforce learning materials through participatory discussions centred on questions relevant to the week's topic.
  • Online resources (such as reading materials) will help you enhance your understanding of the technical concepts introduced in this unit.

The unit coordinator will use email and the unit's QUT Canvas site to make announcements and post various types of information throughout the teaching period. It is your responsibility to access your email account and the unit's QUT Canvas site regularly. 

Feedback on Learning and Assessment

Feedback in this unit will be provided to you in the following ways: 

  • Discussions on a range of formative exercises. 
  • Generic comments to the cohort via QUT Canvas. 
  • Advice and assistance during sessions. 
  • Feedback to assessment items will be provided in the form of criteria sheet grading to give more detailed feedback. 

Assessment

Overview

This unit introduces foundational concepts and principles, so the assessment is based around the knowledge acquired throughout the semester. The programming projects will be multifaceted, combining elements of analysis, design, development and evaluation.

Unit Grading Scheme

7-point scale

Assessment Tasks

Assessment: Assignment 1

A project applying technology learned from the unit.

This is an assignment for the purposes of an extension.

Weight: 20
Individual/Group: Individual
Due (indicative): Mid-teaching period
Related Unit learning outcomes: 2, 5

Assessment: Assignment 2

A project researching real-world software vulnerabilities and/or emerging security technologies.

This is an assignment for the purposes of an extension.

Weight: 30
Individual/Group: Individual
Due (indicative): Week 8
Related Unit learning outcomes: 2, 3, 4, 5

Assessment: Examination (written)

The final exam addresses theoretical and practical material covered in the unit.

Weight: 50
Individual/Group: Individual
Due (indicative): Central Examination Period
Related Unit learning outcomes: 1, 2, 3, 4, 5

Academic Integrity

Students are expected to engage in learning and assessment at QUT with honesty, transparency and fairness. Maintaining academic integrity means upholding these principles and demonstrating valuable professional capabilities based on ethical foundations.

Failure to maintain academic integrity can take many forms. It includes cheating in examinations, plagiarism, self-plagiarism, collusion, and submitting an assessment item completed by another person (e.g. contract cheating). It can also include providing your assessment to another entity, such as to a person or website.

You are encouraged to make use of QUT’s learning support services, resources and tools to assure the academic integrity of your assessment. This includes the use of text matching software that may be available to assist with self-assessing your academic integrity as part of the assessment submission process.

Further details of QUT’s approach to academic integrity are outlined in the Academic integrity policy and the Student Code of Conduct. Breaching QUT’s Academic integrity policy is regarded as student misconduct and can lead to the imposition of penalties ranging from a grade reduction to exclusion from QUT.

Resources

This advanced unit covers state-of-the-art software development and related security technology. Hence, there is no prescribed textbook for this unit. No extraordinary charges and costs are associated with the requirements of this unit. The unit's Canvas site will provide all reading materials, library resources and links to online resources as well as sample tools. Students are encouraged to read tutorials, standards specifications, technical papers, and scientific papers available on the Internet.

Risk Assessment Statement

There are no health and safety risks associated with this unit.