
Security in Software Engineering

Code: MESW0007     Acronym: SES

Keywords
Classification Keyword
CNAEF Informatics Sciences

Instance: 2023/2024 - 2S

Active? Yes
Responsible unit: Department of Informatics Engineering
Course/CS Responsible: Master in Software Engineering

Cycles of Study/Courses

Acronym No. of Students Study Plan Curricular Years Credits UCN Credits ECTS Contact hours Total Time
MESW 33 Syllabus since 2016/17 1 - 6 42 162

Teaching language

English

Objectives

By the end of this module, it is intended that students:
1. Recognise the most important security problems of software-based computing systems, the respective causes and consequences, and recognise the importance of using good software engineering practices for the prevention, detection and mitigation of those problems;
2. Know and are able to apply generic and specific practices for developing secure software systems in the various phases of the software life cycle: requirements capture, architecture and design, implementation, verification and validation, deployment, installation and maintenance;
3. Know and are able to use software engineering processes and tools specially targeted at security issues;
4. Know relevant standards for the development of secure software systems.

Learning outcomes and competences

The syllabus was defined according to the objectives and competencies to be acquired by the students. The syllabus includes understanding state-of-the-art approaches to security in software engineering as well as specific techniques, which will make students capable of critically selecting the appropriate method to use to solve the engineering problem at hand. At the same time, students will be able to interpret and analyse the behaviour and performance of the algorithms and the results obtained by them. In order to achieve the proposed learning outcomes, the module will not only discuss processes and algorithms, but also off-the-shelf tools.

Working method

In person

Program

1) Introduction, key concepts and terminology
2) Software engineering processes with a security focus
3) Security requirements engineering
4) Secure coding
5) Cryptography
6) System software (OSs), users and access control
7) Distributed systems security
8) Web applications security
9) Verification and validation of security aspects
10) Security in the deployment and maintenance of software systems

Mandatory literature

William Stallings, Lawrie Brown; Computer Security: Principles and Practice, 4th Edition, Pearson, 2018. ISBN: 978-1292220611
Pfleeger, C.; Pfleeger, S.L.; Margulies, J.; Security in Computing, 5th Edition, Pearson Education, Inc., 2015. ISBN: 978-0-13-408504-3
McGraw, G.; Software Security: Building Security In, Addison Wesley Professional, 2006
Mead, N.R., Hough, R., & Stehney II, T.; Security Quality Requirements Engineering (SQUARE) Methodology, Software Engineering Institute, 2005

Complementary Bibliography

Matt Bishop; Computer Security: Art and Science, 2nd Edition, Addison-Wesley, 2019. ISBN: 978-0-321-71233-2
Justin Richer, Antonio Sanso; OAuth 2.0 in Action, Manning Publications, 2017. ISBN: 978-1617293276
Seacord, R.C., Svoboda, D., & Togashi, K.; Secure Design Patterns, Chad Dougherty, Kirk Sayre, 2009
Dowd, M., McDonald, J., & Schuh, J.; The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities, Addison Wesley Professional, 2006
Davis, N.; Secure Software Development Life Cycle Processes: A Technology Scouting Report. CMU/SEI-2005-TN-024, Software Engineering Institute, 2005

Teaching methods and learning activities

The classes will comprise the presentation and discussion of topics and the development of practical exercises and small projects by the students. Slots will be reserved for the presentation of special topics and projects explored by the students.

Keywords

Technological sciences > Technology > Information technology > Security technology

Evaluation Type

Distributed evaluation with final exam

Assessment Components

Designation Weight (%)
Exam 50,00
Laboratory work 30,00
Practical or project work 20,00
Total: 100,00

Amount of time allocated to each course unit

Designation Time (hours)
Project development 60,00
Independent study 40,00
Class attendance 39,00
Laboratory work 23,00
Total: 162,00

Eligibility for exams

Submitting all evaluation elements and exam.

Calculation formula of final grade

Continuous assessment (50% of the final grade) comprises practical work with two components:
    Lab work: 20%
    Project work: 30%
Final Exam (50% of the final grade).
For approval, a minimum grade of 40% in the final exam is required.

Special assessment (TE, DA, ...)

Students excused from attendance at practical classes should contact the teacher for special follow-up sessions. The defense of practical work is mandatory for ALL students.

Classification improvement

- The marks obtained in continuous assessment can be improved in the next edition of the course.
- The classification of the exam can be improved in the appeal exam.
Copyright 1996-2025 © Faculdade de Engenharia da Universidade do Porto
Page generated on: 2025-06-25 at 11:15:16