This unit aims to introduce the secure software development issues including secure software development life cycle, secure software design principles, secure coding practices, threat evaluation models, secure software testing, deployment and maintenance, software development and security policy integration. Students are provided with a range of practical exercises and tasks to reinforce their skills including: identification of security bugs in programs written in different programming languages, design, implementation, and testing of secure concurrent and networked applications, identification of vulnerabilities in networked and mobile/wireless applications. In addition, students will learn input validation techniques to minimise security risks, man-in-the-middle attack techniques to be able to build more secure networked applications, practical secure software testing techniques to be able to test applications for security bugs.
Minimum total expected workload equals 12 hours per week comprising:
(a.) Contact hours for on-campus students:
(b.) Additional requirements (all students):
((FIT5131 or FIT9017) and (FIT5134 or FIT9018) and (FIT5132 or FIT9003 or FIT9019) and (FIT5135 or FIT9020) and (FIT5136 or FIT4037) and (FIT5130 or FIT9030)) or equivalent
Prerequisite knowledge: Programming experience, preferably in C or C++
Dr Ron Steinfeld
Dr Ron Steinfeld
Trung Quang Dinh
Guy Kijthaweesinpoon
Monash is committed to excellence in education and regularly seeks feedback from students, employers and staff. One of the key formal ways students have to provide feedback is through the Student Evaluation of Teaching and Units (SETU) survey. The University’s student evaluation policy requires that every unit is evaluated each year. Students are strongly encouraged to complete the surveys. The feedback is anonymous and provides the Faculty with evidence of aspects that students are satisfied with and areas for improvement.
For more information on Monash’s educational strategy, see:
www.monash.edu.au/about/monash-directions/ and on student evaluations, see: www.policy.monash.edu/policy-bank/academic/education/quality/student-evaluation-policy.html
This unit is being offered for the first time this year as part of the Master of Network and Security degree.
If you wish to view how previous students rated this unit, please go to
https://emuapps.monash.edu.au/unitevaluations/index.jsp
Week | Activities | Assessment |
---|---|---|
0 | No formal assessment or activities are undertaken in week 0 | |
1 | Introduction to Software Security | |
2 | Threats, Vulnerabilities and Attacks | |
3 | Threat Modeling | |
4 | Secure (and Insecure) Coding Techniques I | |
5 | Secure (and Insecure) Coding Techniques II | Part I of Assessment task 1 due |
6 | Web Application Security | |
7 | Security Testing Techniques | Part II of Assessment task 1 due |
8 | Programming Languages and Security | |
9 | Programming Languages and Sandboxing | Assessment task 2 due |
10 | Malware | |
11 | Implementation Pitfalls | |
12 | Summary and Revision | Assessment task 3 due |
SWOT VAC | No formal assessment is undertaken in SWOT VAC | |
Examination period | LINK to Assessment Policy: http://policy.monash.edu.au/policy-bank/academic/education/assessment/assessment-in-coursework-policy.html |
*Unit Schedule details will be maintained and communicated to you via your learning system.
Examination (2 hours): 50%; In-semester assessment: 50%
Assessment Task | Value | Due Date |
---|---|---|
Use of a Software Security Tool for Code Review | 20% | Week 5 and 7 (Two part submission) |
SQL injection Vulnerability | 20% | Week 9 |
Penetration Testing of Software | 10% | Week 12 |
Examination 1 | 50% | To be advised |
Faculty Policy - Unit Assessment Hurdles (http://intranet.monash.edu.au/infotech/resources/staff/edgov/policies/assessment-examinations/assessment-hurdles.html)
Academic Integrity - Please see resources and tutorials at http://www.monash.edu/library/skills/resources/tutorials/academic-integrity/
Code development (40%)
Installation of code review tool and the analysis of supplied source code for vulnerabilities (40%)
Defend or refute the identified vulnerabilities (20%)
Code development (30%)
Successful exploitation and penetration of the code (40%)
Countermeasures to fix the vulnerabilities (30%)
Report contents will be marked on the following attributes:
Monash Library Unit Reading List (if applicable to the unit)
http://readinglists.lib.monash.edu/index.html
Faculty of Information Technology Style Guide
Examination/other end-of-semester assessment feedback may take the form of feedback classes, provision of sample answers or other group feedback after official results have been published. Please check with your lecturer on the feedback provided and take advantage of this prior to requesting individual consultations with staff. If your unit has an examination, you may request to view your examination script booklet, see http://intranet.monash.edu.au/infotech/resources/students/procedures/request-to-view-exam-scripts.html
Types of feedback you can expect to receive in this unit are:
Submission must be made by the due date otherwise penalties will be enforced.
You must negotiate any extensions formally with your campus unit leader via the in-semester special consideration process: http://www.monash.edu.au/exams/special-consideration.html
It is a University requirement (http://www.policy.monash.edu/policy-bank/academic/education/conduct/student-academic-integrity-managing-plagiarism-collusion-procedures.html) for students to submit an assignment coversheet for each assessment item. Faculty Assignment coversheets can be found at http://www.infotech.monash.edu.au/resources/student/forms/. Please check with your Lecturer on the submission method for your assignment coversheet (e.g. attach a file to the online assignment submission, hand-in a hard copy, or use an online quiz). Please note that it is your responsibility to retain copies of your assessments.
Monash has educational policies, procedures and guidelines, which are designed to ensure that staff and students are aware of the University’s academic standards, and to provide advice on how they might uphold them. You can find Monash’s Education Policies at: www.policy.monash.edu.au/policy-bank/academic/education/index.html
Key educational policies include:
Important student resources including Faculty policies are located at http://intranet.monash.edu.au/infotech/resources/students/
The University provides many different kinds of support services for you. Contact your tutor if you need advice and see the range of services available at http://www.monash.edu.au/students. For Malaysia see http://www.monash.edu.my/Student-services, and for South Africa see http://www.monash.ac.za/current/.
The Monash University Library provides a range of services, resources and programs that enable you to save time and be more effective in your learning and research. Go to www.lib.monash.edu.au or the library tab in my.monash portal for more information. At Malaysia, visit the Library and Learning Commons at http://www.lib.monash.edu.my/. At South Africa visit http://www.lib.monash.ac.za/.