Required in stage
First term
Second term
Both terms
Not organised
This year
Next year
Alternating years
External
Prerequisites
Taught by
Language of instruction
Duration
Identical coursesSecurity Through the Software Lifecycle (B-KUL-H0Q31A)
Aims
The students understand the possibilities for dealing with security and privacy at the various stages of the software lifecycle. The students can describe a number of relevant design patterns and blueprints for security & privacy by design. The students can drive threat analysis in a systematic, process-driven way. The students can have a broad overview of techniques that can enhance the quality of code from a security perspective, through programming techniques and guidelines, through testing and with the help of contemporary tool support. The students understand the challenges of preserving security during the deployment of production software, both from an organizational and from a practical perspective.
Previous knowledge
Cybersecurity Basics, familiarity with at least one programming language and a basic understanding of software engineering.
Is included in these courses of study
- Master in de ingenieurswetenschappen: computerwetenschappen (Leuven) (Hoofdoptie Veilige software) 120 ects.
- Courses for Exchange Students Faculty of Engineering Science (Leuven)
- Master of Engineering: Computer Science (Leuven) (Option Secure Software) 120 ects.
- Master of Cybersecurity (Leuven) 60 ects.
Activities
4 ects. Security Through the Software Lifecycle: Lecture (B-KUL-H0Q31a)
Content
1. Overview: Security through the life cycle of software
2. Security patterns and architectural cornerstones for security & Privacy
- a. Security and Privacy by design
- b. Catalogues and best practices
- c. Related concerns and qualities: availability, resilience etc.
- d. Specific models for security and privacy
3. Threat elicitation at early stages, at the level of analysis
- a. Prioritization and decision frameworks
- b. Relationship to risk management
4. Quality Control
- a. Coding rules and guidelines
- b. Security analysis of third-party components
- c. Relationship between security specific concerns and software development at large
5. Security Testing
- a. Systematic Testing for Security
- b. Static code analysis: tools and practices
- c. Penetration testing
- d. Fuzzing and Bug hunting
6. Security during operations (SecDevOps)
- a. Roles and responsibilities
- b. Patch and version management – software updates
- c. Configuration management
- d. Introduction to Security Operations
Course material
Course material will be provided on Toledo
Format: more information
12 lectures, including demonstrations of practical tools.
Evaluation
Evaluation: Security Through the Software Lifecycle (B-KUL-H2Q31a)
Explanation
Students deliver a small experience report based on one specific activity of choice (e.g. pen- testing, threat elicitation, etc.) within the context of a case study that is presented as part of the course.
Information about retaking exams
Students that score less than a 10-in the-first-examination period are asked to, when they did not pass the first part (1), prepare an assignment, which is an extension or improvement of the term report done during the semester. Students that fail on the second part (2) are asked to perform the exam part of the evaluation again.