Educational guide | ||||||||||||||||||||||||||||||||||||||||
IDENTIFYING DATA | 2024_25 | |||||||||||||||||||||||||||||||||||||||
Subject | SECURE DESIGN AND PROGRAMMING | Code | 01747004 | |||||||||||||||||||||||||||||||||||||
Study programme |
|
|||||||||||||||||||||||||||||||||||||||
Descriptors | Credit. | Type | Year | Period | ||||||||||||||||||||||||||||||||||||
4 | Compulsory | First | First |
|||||||||||||||||||||||||||||||||||||
Language |
|
|||||||||||||||||||||||||||||||||||||||
Prerequisites | ||||||||||||||||||||||||||||||||||||||||
Department | ING.MECANICA,INFORMAT.AEROESP. |
|||||||||||||||||||||||||||||||||||||||
Coordinador |
|
fjrodl@unileon.es cferll@unileon.es |
||||||||||||||||||||||||||||||||||||||
Lecturers |
|
|||||||||||||||||||||||||||||||||||||||
Web | http:// | |||||||||||||||||||||||||||||||||||||||
General description | This course covers the principles and practices of secure programming. We will expose security models, threats, design principles and secure programming practices. When developing software, we should prevent potential vulnerabilities that could compromise data or cause damage within a specific system. Secure programming goes beyond the simple act of writing, compiling and deploying applications and this course will review a set of ideal rules to make the entire software development life cycle process reliable and robust. | |||||||||||||||||||||||||||||||||||||||
Tribunales de Revisión |
|
|||||||||||||||||||||||||||||||||||||||
Competencies |
Type A | Code | Competences Specific |
A18804 | ||
Type B | Code | Competences Transversal |
B5729 | ||
B5730 | ||
B5731 | ||
B5732 | ||
B5733 | ||
B5734 | ||
B5735 | ||
B5736 | ||
B5737 | ||
B5738 | ||
B5739 | ||
B5740 | ||
Type C | Code | Competences Nuclear |
C1 | ||
C2 | ||
C3 | ||
C4 | ||
C5 |
Learning aims |
Competences | |||
Design and develop secure software avoiding the most common software vulnerabilities | A18804 |
B5729 B5730 B5731 B5732 B5733 B5734 B5735 B5736 B5737 B5738 B5739 B5740 |
C1 C2 C3 C4 C5 |
Program and analyze tasks in different programming languages in the area of communication and software security | A18804 |
B5729 B5730 B5731 B5732 B5733 B5734 B5735 B5736 B5737 B5738 B5739 B5740 |
C1 C2 C4 C5 |
Learn to communicate conclusions | B5729 B5730 B5731 B5732 |
C3 |
Contents |
Topic | Sub-topic |
BLOCK 1. Introduction to Software Security | Topic 1. General presentation Topic 2. Introduction to secure software development |
BLOCK 2. Design and Architecture of Secure Software Systems | Topic 1. Design of Software Systems Topic 2. Software Architectures |
BLOCK 3. Secure Engineering Methodologies | Topic 1. Implementation Topic 2. Operations Topic 3. Automation and Testing |
BLOCK 4. Software Defined - Secure Programming | Topic 1. General Concepts Topic 2. C++ Topic 3. Java Topic 4. Python Topic 5. Programming Errors. Top 25 OWASP and SANS Topic 6. CMU CERT Rules and Recommendations |
Planning |
Methodologies :: Tests | |||||||||
Class hours | Hours outside the classroom | Total hours | |||||||
Personal tuition | 2 | 0 | 2 | ||||||
Laboratory practicals | 20 | 20 | 40 | ||||||
Assignments | 2 | 16 | 18 | ||||||
Lecture | 10 | 20 | 30 | ||||||
Objective short-answer tests | 2 | 1 | 3 | ||||||
Practical tests | 2 | 1 | 3 | ||||||
Oral tests | 2 | 2 | 4 | ||||||
(*)The information in the planning table is for guidance only and does not take into account the heterogeneity of the students. |
Methodologies |
Description | |
Personal tuition | Monitoring student activity and progression. Advising, correcting and proposing improvement activities. |
Laboratory practicals | Programming exercises based on lectures under the supervision of the teacher. |
Assignments | Individual programming tasks that will be corrected by the teacher and defended by the student. |
Lecture | Explanation of theoretical knowledge with the active participation of students. |
Personalized attention |
|
|
Assessment |
Description | Qualification | ||
Assignments | Coding and individual defense of the code. | 20%-40% | |
Objective short-answer tests | Individual assessment of theoretical contents. | 10%-30% | |
Practical tests | Evaluation of experience obtained by performing the practical assignments of the course. | 10%-30% | |
Oral tests | Final project and its oral defense individually. | 10%-30% | |
Others | Part of the final mark assigned by the teacher depending on students active participation in the course. | 0%-10% | |
Other comments and second call | |||
The submitted works may be reviewed with an anti-plagiarism software that can conduct checks among the works of students from the current and previous calls, as well as against external sources. In the event of plagiarism being detected, the work will be graded as a fail. During evaluation tests, the use of electronic resources (calculators, tablets, phones, computers, etc.) will not be permitted, except for those tests which, under explicit indication from the teacher, require the use of any of these resources. If any irregularity occurs during the conduct of the exam or corresponding evaluation test, the exam will be immediately withdrawn, the student will be expelled, and the grade will be recorded as a fail. In any case, the internal regulations of the ULe included in the document "Guidelines for action in cases of plagiarism, copying, or fraud in exams or evaluation tests" (Approved by the Permanent Committee of the Governing Council on 29/01/2015) will be followed. In the second regular call, the student will have to complete the exercises, laboratory practices, and assignments that were not completed during the course of the subject and defend them in person. Passing the exam(s) of the subject is a necessary condition to pass the subject. For students in the ONLINE learning mode of the master's program: Regarding the proctoring programs used (SMOWL) during exams in the official calls for the distance learning mode, browsing external pages other than the exam itself, unless expressly indicated, may result in failing that activity, at the discretion of the teaching staff. In case of issues arising in student identification, the teaching staff may require additional evaluation activities via videoconference. The conditions of these tests may be influenced by connectivity, lighting, etc., and it is the responsibility of the students to follow the instructions received in this regard, as well as to protect their privacy by taking the exam in an appropriate environment (isolated, with good connection, lighting, etc.). Recommendations for students on the use of SMOWL can be found at the following link: http://bit.ly/3ZrtxVs. |
Sources of information |
Access to Recommended Bibliography in the Catalog ULE |
Basic |
Fred Long, Dhruv Mohindra, Robert . Seacord, Dean F. Sutherland, David Svoboda, Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs, Addison-Wesley Professional, SEI Series in Software Engineering Robert C. Seacord, Secure Coding in C and C++, Addison-Wesley Professional, Second Edition. |
Complementary | |
Recommendations |