Scribd
Upload
0 views

Software Security Notes

The Software Security (SW406) course covers fundamental principles and practices of software security throughout the software development life cycle. It includes modules on secure software development, requirements engineering, architecture and design, coding practices, and risk management. Upon completion, students will be able to identify threats, gather security requirements, design secure software, and apply risk management strategies.

Uploaded by

sippingromario825
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
0 views

Software Security Notes

The Software Security (SW406) course covers fundamental principles and practices of software security throughout the software development life cycle. It includes modules on secure software development, requirements engineering, architecture and design, coding practices, and risk management. Upon completion, students will be able to identify threats, gather security requirements, design secure software, and apply risk management strategies.

Uploaded by

sippingromario825
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

SOFTWARE SECURITY (SW406)

Course information and outcomes:

This course introduces the fundamental principles and practices of


software security, and how to ensure security throughout the software
development life cycle.

Module 1: Software security introduction:

 What is software security?


 Why securing a software?
 Threads to software security.
 Sources of software insecurities.

Module 2: Secure Software Development(SSD):

 What is SSD?
 How to manage SSD.
 What makes software secure?
 Properties of a secure software and its influence.

Module 3: Requirements engineering for secure Software:

 Introduction to requirements engineering in SW security.


 Misuse and abuse cases
 The SQUARE process module and sample outputs
 Requirements elicitation and requirements prioritization .

Module 4: Secure Software Architecture and Design:

 Software security practices for architecture and design.


 Architecture risk analysis.
 Security principles.
 Security Guides.

Module 5: Considerations for secure coding and testing.

 Introduction to code analysis.


 Coding practices.
 Software security testing.
 Security and complexity.
Module 6: System assembly challenge:

 Introduction
 Security failures
 Functional and attacker’s perspectives for security analysis.

COURSE OBJECTIVES:

1. Understand the need for software security and the thread to software
security.
2. Incoporate security principles to SDLC.
3. Understand secure software architecture design and coding.
4. Learn risk managements and mitigation of risk in software
development.

COURSE OUTCOMES:

Upon completion of this course, students will be able to;

1. Identify the threads and issues in software.


2. Gather security requirements during requirements elicitation.
3. Design software by incorporating security principles.
4. Understand the issues in web and database security.
5. Apply risk management strategies in software development.
CHAPTER ONE: SOFTWARE SECURITY INTRODUCTION:

Software Security: Software security is all about building defenses into a


software from the ground up to making it resistance from malicious
attacks and unintentional weaknesses. It is like putting a strong lock on
your door to keep unwanted visitors out.\

Components of Software Security:

1. Protection: Shielding software applications and the data they handle


from unauthorized access modification or destruction. This can
involve things like encryption or access control.

2. Threat Mitigation: Minimizing the impact of malicious activities like


viruses, malware and hacking attempts. Firewalls and intrusion
detection systems are common tools used for this. (a data bridge
occurs when there is a data leakage).(The NIST framework)

3. Guaranteed Functionality: Ensuring the software operates as intended


without glitches even under attack. This involves rigorous testing
throughout development.

4. Building Trust: Especially important for critical applications,


Software Security fosters confidence that the software will function
reliably and securely.

WHY SECURING A SOFTWARE

1. Protect sensitive information and data privacy


2. Prevents financial loses and operational disruptions
3. Maintain system availability and functionality
4. Uphold legal and regulatory compliance.

SOFTWARE ASSURANCE VERSES SOFTWARE SECURITY

Software security focuses on practices to build secure software during


development. Examples includes secure coding techniques or
vulnerability assessment.

Software assurance is a broader concept encompassing the entire software


development life cycle, ensuring quality, reliability and security.
Examples include software testing, verification and validation processes..
Software security is a crucial path to software assurance.

THREATS TO SOFTWARE SECURITY

MALWARE: Malicious softwares like viruses, worm and ransom ware


that can steal data or disrupt operations. Eg SQL injection.

HACKING: Unauthorized attempts to get access to a system or data for


malicious purposes.

SOCIAL ENGINEERING: Techniques to trick users into revealing


sensitive informations or clicking malicious links.

BUFFER OVERFLOW: Programming errors that allow attackers to


inject malicious code into software.

INSECURE APIs: Application programming Interfaces with


vulnerabilities that can be exploited by attackers.

You might also like