Software Security

Objectives

The Software Security curricular unit focuses on methodologies and processes for developing secure software systems. Students acquire skills ranging from identifying the main vulnerabilities in software systems, through risk analysis and security requirements and good practices in coding and validation, to experience with security standards and their implementation. At the end, students should be able to:

  • Recognize software vulnerabilities with the greatest impact on security;
  • Carry out threat modelling of software systems;
  • Use methodologies and tools for the secure software development life cycle;
  • Rely on standard protocols when building secure software components.

Program

  • Software security: review of concepts; classification of weaknesses and vulnerabilities (CWE, CVE); software weaknesses with the greatest impact on security.
  • Security in the software development life cycle (SDLC): SDLC models; NIST-SSDF Framework.
  • Standards and good practices: organizations and initiatives; areas of expertise; certifications.
  • Security of software components and APIs: identification and access control; authentication and authorization; key management.

Bibliography

  • A. Shostack. Threat Modeling: Designing for Security. Wiley, 2014.
  • M. Howard, S. Lipner. The Security Development Lifecycle. Microsoft Press, 2006.
  • NIST SP 800-218. Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities. (https://csrc.nist.gov/pubs/sp/800/218/final).
  • SAFECode. Fundamental Practices for Secure Software Development. 3rd Edition, 2018. (https://safecode.org/wp-content/uploads/2018/03/SAFECode_Fundamental_Practices_for_Secure_Software_Development_March_2018.pdf).
  • N. Madden. API Security in Action. Manning, 2020.
  • Y. Wilson, A. Hingnikar. Solving Identity Management in Modern Applications. Apress, 2019.
