Software Security

Objectives

The Software Security curricular unit (CU) focuses on methodologies and processes for developing secure software systems. Students acquire skills ranging from identifying the main vulnerabilities in software systems, through risk analysis and security requirements and good practices in coding and validation, to experience with security standards and their implementation. At the end, students should be able to:

  • Recognize the software vulnerabilities with the greatest impact on security;
  • Build threat models for software systems;
  • Use methodologies and tools for the secure software development life cycle;
  • Use standard protocols when building secure software components.

Program

  • Software security: review of concepts; classification of weaknesses and vulnerabilities (CWE, CVE); software weaknesses with the greatest impact on security.
  • Security in the software development life cycle (SDLC): SDLC models; NIST-SSDF Framework.
  • Standards and good practices: organizations and initiatives; areas of expertise; certifications.
  • Security of software components and APIs: identification and access control; authentication and authorization; key management.

Bibliography

  • Adam Shostack. “Threat Modeling: Designing for Security”. Wiley, 2014.
  • Michael Howard and Steve Lipner. “The Security Development Lifecycle”. Microsoft Press, 2006.
  • NIST SP 800-218. “Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities”. (https://csrc.nist.gov/pubs/sp/800/218/final)
  • SAFECode. “Fundamental Practices for Secure Software Development”. Third Edition, March 2018. (https://safecode.org/wp-content/uploads/2018/03/SAFECode_
  • Neil Madden. “API Security in Action”. Manning, 2020.
  • Yvonne Wilson and Abhishek Hingnikar. “Solving Identity Management in Modern Applications”. Apress, 2019.
