Software Assurance

Overview

Software is ubiquitous and underpins many of the services and technologies that are essential for business, government, e-commerce and society. Traditional Software Development Lifecycle (SDLC) models do not include key security initiatives. The lack of these initiatives can lead to poorly designed and implemented software, resulting in security vulnerabilities that go undiscovered and are maliciously exploited. Effective cybersecurity requires a layered and continuous approach to security. Software Assurance is a crucial part of achieving secure software: it applies risk-based thinking to understand the critical risks and thereby prioritise security controls and effort to deliver business outcomes.
Software Assurance introduces the terminology, methodologies and approaches needed to minimise these vulnerabilities at the various stages of the SDLC, and improves the security, reliability and integrity of the final software solution. The core body of knowledge focuses on the important software assurance activities across the lifecycle and includes topics such as risk assessment and threat modelling; architectural design methods, with the emphasis that these should evolve with the lifecycle and inform the design; secure coding principles; and risk-based testing. Software Assurance explores the concept of weaving security initiatives into the Software Development Lifecycle to form the "Secure Software Development Lifecycle" (SSDLC), and includes the architectural design principles of Saltzer and Schroeder.
This module will provide a basic understanding of managing a secure development environment, together with secure programming principles, examination of common software errors and their exploits, and testing.
Topics included are:
• Introduction to the threat landscape
• Software assurance initiatives and standards
• Secure software development lifecycle (SSDLC)
• Security analysis and threat modelling
• Security issues, risks and risk management
• Secure architecture and design
• Secure architecture design principles
• Risk management
• Secure coding principles and practice
• Security analysis and testing (penetration testing)
• Development and code analysis tools

Learning Objectives

Upon successful completion of this module, a student will have achieved the following learning outcomes:
• Understand and analyse the cyber security threat landscape;
• Apply software assurance best practice;
• Manage and implement software assurance processes;
• Critically assess security requirements;
• Identify risks and vulnerabilities in software components;
• Implement secure coding standards;
• Verify software using pen-testing and code analysis tools.

Skills

Successful participation in this module will enable students to develop skills in the following areas:
• Good cyber security practice in the specification, design, implementation, evaluation and maintenance of security solutions.
• Ability to critically evaluate a given system design, and identify significant vulnerabilities, risks, and points at which specific cyber security methods and technologies should be employed.
• Effective use of tools for development and testing of cyber secure systems.
• Ability to articulate and effectively communicate the design and technological rationale for a given cyber security component or design through appropriate technical reports and presentations.

Assessment

None

Coursework

100%

Examination

0%

Practical

0%

Credits

20

Module Code

ELE8094

Typically Offered

Spring Semester

Duration

12 Weeks

Prerequisites

None