
Secure Software Engineering

Course Code: CSD3002
Course Type: LTP
Credits: 4
Course Objectives:
• To understand and apply the security concepts to the Software Development Process.
• To learn about secure software engineering principles and approaches.
• To acquire knowledge of attack and defense methods related to Software.

Course Outcomes:
At the completion of this course, students should be able to do the following:
• Develop a complete solution to a security problem via a detailed roadmap and implement
it successfully.
• Apply the fundamentals of secure software by coding intelligently to
avoid security loopholes.
• Build a layer of security around any given software to prevent tampering in
the form of reverse engineering, editing of core files that disrupts the intended
functionality of the software, DDoS attacks and other actions with malicious
intent.
Student Outcomes (SO): a, b, i, l
a. An ability to apply the knowledge of mathematics, science and computing
appropriate to the discipline.
b. An ability to analyze a problem, identify and define the computing requirements
appropriate to its solution.
i. Design and conduct experiments as well as analyze and interpret data.
l. An ability to apply mathematical foundations, algorithmic principles and computer
science theory in the modeling and design of computer-based systems.
Unit 1: Why is Security a Software Issue (No. of Hours: 08; SOs: a,b,l)
Software Assurance and Software Security, Threats to
Software Security, Sources of Software Insecurity,
Managing Secure Software Development – Defining
Properties of Secure Software, How to Influence the
Security Properties of Software, How to Assert and

Unit 2: Software Vulnerability Fundamentals (No. of Hours: 09; SOs: a,b,l)
Secure Software Architecture and Design: The SQUARE
Process Model, SQUARE Sample Outputs, Requirements
Elicitation and Prioritization, Architecture Risk Analysis
(Threat Analysis, Architecture Vulnerability Assessment,
Risk Likelihood Determination, Risk

Unit 3: Considerations for Secure Coding and Testing (No. of Hours: 09; SOs: a,b,l)
Code Analysis – Common Software Code Vulnerabilities,
Source Code Review – Coding Practices, Software Security
Testing – Contrasting Software Testing and Security
Testing, Functional Testing, Security Testing
Considerations Throughout the SDLC – Unit Test

Unit 4: Security and Complexity (No. of Hours: 09; SOs: a,b,l)
Security Failures – Categories of Errors, Attacker
Behaviour, Functional and Attacker Perspectives for
Security Analysis, System Complexity Drivers and
Security – Wider Spectrum of Failures – Incremental and
Evolutionary Development, Deep Technical Proble

Unit 5: Management Techniques for Secure Software (No. of Hours: 08; SOs: a,b,l)
Governance and Security, Adopting an Enterprise
Software Security Framework – Common Pitfalls,
Framing the Solution and Defining a Roadmap, Defining
Adequate Security, Security and Project Management –
Project Scope, Project Plan, Resources, Project and P

Unit 6: Guest Lecture on Contemporary Topics (No. of Hours: 02)


Total Hours: 45
Mode of Teaching and Learning: Flipped Class Room, Activity Based
Teaching/Learning, Digital/Computer based models, wherever possible to augment
lecture for practice/tutorial, and a minimum of 2 hours of lectures by industry experts on
contemporary topics.
Mode of Evaluation and assessment:
The assessment and evaluation components may consist of unannounced open book
examinations, quizzes, student’s portfolio generation and assessment, and any other
innovative assessment practices followed by faculty, in addition to the Continuous
Assessment Tests and Final Examinations.
Text Books:
1. Nancy R. Mead, Gary McGraw, Robert J. Ellison, Sean Barnum, Julia H. Allen,
'Software Security Engineering: A Guide for Project Managers', O'Reilly Media,
May 2008, ISBN 9780321559685.
2. Grembi, Jason. Secure Software Development: A Security Programmer's Guide.
Course Technology, 2008.
Reference Books:
1. Viega, John, and Gary McGraw. Building Secure Software: How to Avoid Security
Problems the Right Way (paperback) (Addison-Wesley Professional Computing
Series). Addison-Wesley Professional, 2011.

Recommendation by the Board of Studies on 17 January 2020
Approval by Academic council on 20.01.2020
Compiled by Dr. R. Shriram
