Secure Software Engineering
| Code: | M.EIC036 | Acronym: | ESS |
| Keywords | |
|---|---|
| Classification | Keyword |
| OFICIAL | Cybersecurity |
Instance: 2024/2025 - 1S 
| Active? | Yes |
| Responsible unit: | Department of Informatics Engineering |
| Course/CS Responsible: | Master in Informatics and Computing Engineering |
Cycles of Study/Courses
| Acronym | No. of Students | Study Plan | Curricular Years | Credits UCN | Credits ECTS | Contact hours | Total Time |
|---|---|---|---|---|---|---|---|
| M.EIC | 24 | Syllabus | 2 | - | 6 | 39 | 162 |
Teaching Staff - Responsibilities
| Teacher | Responsibility |
|---|---|
| António Miguel Pontes Pimenta Monteiro |
Teaching - Hours
| Recitations: | 3,00 |
| Type | Teacher | Classes | Hour |
|---|---|---|---|
| Recitations | Totals | 1 | 3,00 |
| António Miguel Pontes Pimenta Monteiro | 3,00 |
Teaching language
EnglishObjectives
It is intended that students:
- Recognize the security problems computing systems software, their causes, and consequences, and recognize the good s practices for their prevention, detection, and mitigation ;
- Know and can apply good practices for developing secure software in the various phases of the software life cycle: requirements capture, architecture and design, implementation, verification and validation, deployment, installation, and maintenance;
- Know and be able to use software engineering processes and tools specially targeted at security issues;
- Know relevant standards for the development of secure software.
The syllabus includes the understanding of state-of-the-art approaches to security as well as specific techniques capable of critically selecting the appropriate methods to use to solve the engineering problem at hand. They also include the ability to interpret and analyze the behavior and performance of algorithms and results and off-the-shelf tools.
Learning outcomes and competences
The syllabus, focusing on conceptual bases, software engineering processes with embedded security concerns, frequent and common threats and vulnerabilities, including application architecture problems, programming languages and code, identification and authorization in distributed and web applications, and incorrect and vulnerable use remote access protocols, as some details and practical examples of aspects of analysis and design is clearly consistent with the objective of the course, whose main objective is the acquisition of work practices leading to secure applications and secure system software.Working method
PresencialProgram
1) Introduction, fundamentals and terminology
(Objectives, threat modeling and risk analysis, secure design principles, SDLC security, the architecture role)
2) Cryptography
3) Secure coding
(Validation, review, tools, and testing)
4) Identification and validation in access control
5) Security in distributed and web applications
6) Common security vulnerabilities in software and their exploitation
7) Using secure protocols in access control
8) Application penetration testing
Mandatory literature
Gary McGraw; Software security. ISBN: 0-321-35670-5Teaching methods and learning activities
The classes will comprise the presentation and discussion of topics and the development of practical exercises and small projects by the students. Slots will be reserved for the presentation of special topics and projects explored by the students.
Software
VirtualBoxEvaluation Type
Distributed evaluation with final examAssessment Components
| Designation | Weight (%) |
|---|---|
| Exame | 50,00 |
| Trabalho laboratorial | 30,00 |
| Trabalho prático ou de projeto | 20,00 |
| Total: | 100,00 |
Amount of time allocated to each course unit
| Designation | Time (hours) |
|---|---|
| Elaboração de projeto | 60,00 |
| Estudo autónomo | 40,00 |
| Frequência das aulas | 39,00 |
| Trabalho laboratorial | 23,00 |
| Total: | 162,00 |
Eligibility for exams
Submitting all evaluation elements and exam.Calculation formula of final grade
The formula of evaluation: Continuous assessment (50% of the final grade) comprises:Practical work (50%): (Practical project: 30%; Lab work: 20%);
Final Exam (50% of the final grade).
For approval, a minimum grade of 30% in the final exam is required.
Special assessment (TE, DA, ...)
Practical work is mandatory for all students. The defense of practical work (in a final presentation) is also mandatory for all students.Classification improvement
- The marks obtained in continuous assessment can be improved in the next edition of the course- The classification of the exam can be improved in the resit exam.
Page generated on: 2025-06-14 at 03:28:16 | Acceptable Use Policy | Data Protection Policy | Complaint Portal