units

FIT5003

Faculty of Information Technology

Postgraduate - Unit

This unit entry is for students who completed this unit in 2014 only. For students planning to study the unit, please refer to the unit indexes in the the current edition of the Handbook. If you have any queries contact the managing faculty for your course or area of study.

print version

6 points, SCA Band 2, 0.125 EFTSL

Refer to the specific census and withdrawal dates for the semester(s) in which this unit is offered, or view unit timetables.

LevelPostgraduate
FacultyFaculty of Information Technology
OfferedCaulfield First semester 2014 (Evening)
Caulfield Second semester 2014 (Day)

Synopsis

This unit aims to introduce the secure software development issues including secure software development life cycle, secure software design principles, secure coding practices, threat evaluation models, secure software testing, deployment and maintenance, software development and security policy integration. Students are provided with a range of practical exercises and tasks to reinforce their skills including: identification of security bugs in programs written in different programming languages, design, implementation, and testing of secure concurrent and networked applications, identification of vulnerabilities in networked and mobile/wireless applications. In addition, students will learn input validation techniques to minimise security risks, man-in-the-middle attack techniques to be able to build more secure networked applications, practical secure software testing techniques to be able to test applications for security bugs.

Outcomes

At the completion of this unit students will have an understanding of central issues and concepts involved in secure software development, including:

  • importance of security and risk assessment;
  • vulnerabilities versus threats;
  • common attack techniques (malicious input injection, buffer overflows);
  • malware;
  • common web application vulnerabilities and design aspects (cross-side scripting, SQL injection, cookies, session management, user authentication);
  • operating system security;
  • secure development principles and techniques (including principle of least privilege, input validation, tools for writing secure code);
  • software testing techniques (including bug discovery techniques, fuzzing),
  • software deployment and maintenance issues.

Assessment

Examination (2 hours): 50%; In-semester assessment: 50%

Chief examiner(s)

Workload requirements

Minimum total expected workload equals 12 hours per week comprising:

(a.) Contact hours for on-campus students:

  • Two hours of lectures
  • One 2-hour tutorial

(b.) Additional requirements (all students):

  • A minimum of 8 hours independent study per week for completing lab and project work, private study and revision.

Prerequisites

((FIT5131 or FIT9017) and (FIT5134 or FIT9018) and (FIT5132 or FIT9003 or FIT9019) and (FIT5135 or FIT9020) and (FIT5136 or FIT4037) and (FIT5130 or FIT9030)) or equivalent

Prerequisite knowledge: Programming experience, preferably in C or C++

Additional information on this unit is available from the faculty at: