Educational guide
IDENTIFYING DATA 2024_25
Subject SECURE DESIGN AND PROGRAMMING Code 01747004
Study programme
1747 - Máster Universitario de Investigación en Ciberseguridad
Descriptors Credit. Type Year Period
4 Compulsory First First
Language
Castellano
Prerequisites
Department ING.MECANICA,INFORMAT.AEROESP.
Coordinador
RODRÍGUEZ LERA , FRANCISCO JAVIER
E-mail fjrodl@unileon.es
cferll@unileon.es
Lecturers
FERNÁNDEZ LLAMAS , CAMINO
RODRÍGUEZ LERA , FRANCISCO JAVIER
Web http://
General description This course covers the principles and practices of secure programming. We will expose security models, threats, design principles and secure programming practices. When developing software, we should prevent potential vulnerabilities that could compromise data or cause damage within a specific system. Secure programming goes beyond the simple act of writing, compiling and deploying applications and this course will review a set of ideal rules to make the entire software development life cycle process reliable and robust.
Tribunales de Revisión
Tribunal titular
Cargo Departamento Profesor
Presidente ING.MECANICA,INFORMAT.AEROESP. MATELLAN OLIVERA , VICENTE
Secretario ING.MECANICA,INFORMAT.AEROESP. SANCHEZ GONZALEZ , LIDIA
Vocal ING.MECANICA,INFORMAT.AEROESP. CASTEJON LIMAS , MANUEL
Tribunal suplente
Cargo Departamento Profesor
Presidente CONDE GONZALEZ , MIGUEL ANGEL
Secretario ING.MECANICA,INFORMAT.AEROESP. PEREZ GARCIA , HILDE
Vocal ING.MECANICA,INFORMAT.AEROESP. PANIZO ALONSO , LUIS

Competencies
Type A Code Competences Specific
  A18804
Type B Code Competences Transversal
  B5729
  B5730
  B5731
  B5732
  B5733
  B5734
  B5735
  B5736
  B5737
  B5738
  B5739
  B5740
Type C Code Competences Nuclear
  C1
  C2
  C3
  C4
  C5

Learning aims
Competences
Design and develop secure software avoiding the most common software vulnerabilities A18804
 B5729
B5730
B5731
B5732
B5733
B5734
B5735
B5736
B5737
B5738
B5739
B5740
 C1
C2
C3
C4
C5
Program and analyze tasks in different programming languages in the area of communication and software security A18804
 B5729
B5730
B5731
B5732
B5733
B5734
B5735
B5736
B5737
B5738
B5739
B5740
 C1
C2
C4
C5
Learn to communicate conclusions B5729
B5730
B5731
B5732
 C3

Contents
Topic Sub-topic
BLOCK 1. Introduction to Software Security Topic 1. General presentation
Topic 2. Introduction to secure software development
BLOCK 2. Design and Architecture of Secure Software Systems Topic 1. Design of Software Systems
Topic 2. Software Architectures
BLOCK 3. Secure Engineering Methodologies Topic 1. Implementation
Topic 2. Operations
Topic 3. Automation and Testing
BLOCK 4. Software Defined - Secure Programming Topic 1. General Concepts
Topic 2. C++
Topic 3. Java
Topic 4. Python
Topic 5. Programming Errors. Top 25 OWASP and SANS
Topic 6. CMU CERT Rules and Recommendations

Planning
Methodologies  ::  Tests
  Class hours Hours outside the classroom Total hours
Personal tuition 2 0 2
 
Laboratory practicals 20 20 40
Assignments 2 16 18
 
Lecture 10 20 30
 
Objective short-answer tests 2 1 3
Practical tests 2 1 3
Oral tests 2 2 4
 
(*)The information in the planning table is for guidance only and does not take into account the heterogeneity of the students.

Methodologies
Methodologies   ::  
  Description
Personal tuition Monitoring student activity and progression. Advising, correcting and proposing improvement activities.
Laboratory practicals Programming exercises based on lectures under the supervision of the teacher.
Assignments Individual programming tasks that will be corrected by the teacher and defended by the student.
Lecture Explanation of theoretical knowledge with the active participation of students.

Personalized attention
 
Personal tuition
Description
The web page at agora.unileon.es includes the office hours for every teacher involved in the course.

Assessment
  Description Qualification
Assignments Coding and individual defense of the code. 20%-40%
Objective short-answer tests Individual assessment of theoretical contents. 10%-30%
Practical tests Evaluation of experience obtained by performing the practical assignments of the course. 10%-30%
Oral tests Final project and its oral defense individually. 10%-30%
Others Part of the final mark assigned by the teacher depending on students active participation in the course. 0%-10%
 
Other comments and second call

The submitted works may be reviewed with an anti-plagiarism software that can conduct checks among the works of students from the current and previous calls, as well as against external sources. In the event of plagiarism being detected, the work will be graded as a fail. During evaluation tests, the use of electronic resources (calculators, tablets, phones, computers, etc.) will not be permitted, except for those tests which, under explicit indication from the teacher, require the use of any of these resources. If any irregularity occurs during the conduct of the exam or corresponding evaluation test, the exam will be immediately withdrawn, the student will be expelled, and the grade will be recorded as a fail. In any case, the internal regulations of the ULe included in the document "Guidelines for action in cases of plagiarism, copying, or fraud in exams or evaluation tests" (Approved by the Permanent Committee of the Governing Council on 29/01/2015) will be followed. 

 In the second regular call, the student will have to complete the exercises, laboratory practices, and assignments that were not completed during the course of the subject and defend them in person. Passing the exam(s) of the subject is a necessary condition to pass the subject. 

 For students in the ONLINE learning mode of the master's program: 

 Regarding the proctoring programs used (SMOWL) during exams in the official calls for the distance learning mode, browsing external pages other than the exam itself, unless expressly indicated, may result in failing that activity, at the discretion of the teaching staff. In case of issues arising in student identification, the teaching staff may require additional evaluation activities via videoconference. The conditions of these tests may be influenced by connectivity, lighting, etc., and it is the responsibility of the students to follow the instructions received in this regard, as well as to protect their privacy by taking the exam in an appropriate environment (isolated, with good connection, lighting, etc.). Recommendations for students on the use of SMOWL can be found at the following link: http://bit.ly/3ZrtxVs.


Sources of information
Access to Recommended Bibliography in the Catalog ULE

Basic Fred Long, Dhruv Mohindra, Robert . Seacord, Dean F. Sutherland, David Svoboda, Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs, Addison-Wesley Professional, SEI Series in Software Engineering
Robert C. Seacord, Secure Coding in C and C++, Addison-Wesley Professional, Second Edition.

Complementary


Recommendations