IT & Mobile Security

Secure Software Design

Integrated course, 3.00 ECTS


Course content

Security is a very important topic for distributed software systems. In this lecture, different practices for the design of secure web applications are introduced.
- Architectural Risk Analysis
Secure Design Principles
Threat Modeling

- Secure Web Applications
Web Application Architecture & Risk Analysis
HTTP / HTTPS Protocol
Client-Side Controls
Access Control
Session Management
Data Stores
XSS Prevention
CSRF Prevention

Learning outcomes

The graduate has detailed knowledge about the architecture and development of secure software in general and secure mobile applications on different platforms in particular.

Recommended or required reading and other learning resources / tools

Gary McGraw, Software Security – Building Security In, Addison-Wesley, 2006
Gary McGraw, Software Security, IEEE Security, 2004
Gary McGraw, Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors, IEEE Security, 2005
Christian Collberg, Jasvir Nagra, Surreptitious Software, Addison Wesley, 2010
William Pugh, David Hovemeyer, J. David Morgenthaler, John Penix, Using Static Analysis to find Bugs, IEEE Software, 2008
Brian Chess, Jacob West, Secure Programming with Static Analysis, Addison-Wesley, 2007
Terence Parr, Language Implementation Patterns, The Pragmatic Bookshelf, 2010
John Viega, Gary McGraw, Building Secure Software, Addison-Wesley, 2002
HTML5 and JavaScript Web Apps (ISBN-13: 978-1449320515)
Effective JavaScript (ISBN-13: 978-0-321-81218-6)
N. Elenkov: Android-Security-Internals, 2014
J. Drake et. al.: Android Hacker's Handbook, 2014
Professional Journals: ACM

Mode of delivery

1 ECTS lecture, 2 ECTS tutorial

Prerequisites and co-requisites

Module ASC 1

Assessment methods and criteria

Lecture: final exam, tutorial: continuous assessment