Security in Software Engineering
Keywords
Classification | Keyword
CNAEF | Informatics Sciences
Instance: 2016/2017 - 2S 
Cycles of Study/Courses
Acronym | No. of Students | Study Plan | Curricular Years | Credits UCN | Credits ECTS | Contact hours | Total Time
MESW | 16 | Syllabus since 2016/17 | 1 | - | 6 | 42 | 162
Teaching language
English
Objectives
By the end of this module, it is intended that students:
1. Recognise the most important security problems of software-based systems, the respective causes and consequences, and recognise the importance of using good software engineering practices for the prevention, detection and mitigation of those problems;
2. Know and are able to apply generic and specific practices for developing secure software systems in the various phases of the software life cycle: requirements capture, architecture and design, implementation, verification and validation, deployment, installation and maintenance;
3. Know and are able to use software engineering processes and tools specially targeted at security issues;
4. Know relevant standards for the development of secure software systems.
Learning outcomes and competences
The syllabus was defined according to the objectives and competencies to be acquired by the students. The syllabus includes understanding state-of-the-art approaches to security in software engineering as well as specific techniques, which will make students capable of critically selecting the appropriate method to use to solve the engineering problem at hand. At the same time, students will be able to interpret and analyse the behaviour and performance of the algorithms and the results obtained by them. In order to achieve the proposed learning outcomes, the module will not only discuss processes and algorithms, but also off-the-shelf tools.
Working method
Face-to-face
Program
1) Problems and challenges of secure software development: typical problems in software security
(vulnerabilities and attacks); impact on users and society; importance of following software engineering best
practices for secure software development; real world examples;
2) Software engineering processes with a security focus;
3) Security requirements engineering;
4) Design of secure software systems: design principles, architectural styles, secure design patterns;
5) Secure coding: best practices and standards;
6) Verification and validation of security aspects: static analysis tools; reviews and inspections of software
security; security testing; software security audits; formal verification;
7) Security in the deployment and maintenance of software systems.
Mandatory literature
Seacord, R.C.;
Secure Coding in C and C++, Addison Wesley Professional, 2013
Seacord, R.C.;
The CERT C Secure Coding Standard, Addison Wesley Professional, 2008
McGraw, G.;
Software Security: Building Security In, Addison Wesley Professional, 2006
Dowd, M., McDonald, J., & Schuh, J.;
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities, Addison Wesley Professional, 2006
Davis, N.;
Secure Software Development Life Cycle Processes: A Technology Scouting Report. CMU/SEI-2005-TN-024, Software Engineering Institute, 2005
Mead, N.R., Hough, R., & Stehney II, T.;
Security Quality Requirements Engineering (SQUARE) Methodology, Software Engineering Institute, 2005
Seacord, R.C., Svoboda, D., & Togashi, K.;
Secure Design Patterns, Chad Dougherty, Kirk Sayre, 2009
Teaching methods and learning activities
The classes will comprise the presentation and discussion of topics and the development of practical exercises
and small projects by the students. Slots will be reserved for the presentation of special topics explored by the
students (having an article and presentation as output).
Evaluation Type
Distributed evaluation with final exam
Assessment Components
Designation | Weight (%)
Exam | 50,00
Class participation | 5,00
Field work | 20,00
Laboratory work | 25,00
Total: | 100,00
Calculation formula of final grade
Continuous assessment (50% of the final grade) comprises:
Participation in the classes (5%);
Practical work (45%): analysis of security problems, 25%; lecture on a security topic, 20%;
Final Exam (50% of the final grade).
For approval, a minimum grade of 45% in the final exam is required.
Special assessment (TE, DA, ...)
Students excused from attendance at practical classes should contact the teacher for special follow-up sessions. The defense of practical work is mandatory for ALL students.
Classification improvement
- The marks obtained in practical work can be improved in the next edition of the discipline.
- The classification of the test can be improved in the appeal exam.