
Course Syllabus

Course: SE 4340

Division: Natural Science and Math
Department: Computer Science & Engineering
Title: Secure Coding Practices

Semester Approved: Spring 2020
Five-Year Review Semester: Summer 2025
End Semester: Fall 2025

Catalog Description: A study of the principles, practices, procedures and methodologies of securely handling, processing and storing data. It examines practices and patterns related to secure code at various levels of the software stack, from user interface code to back-end processing and storage. It appraises common attack vectors / methods and how to guard against them.

Semesters Offered: Spring
Credit/Time Requirement: Credit: 3; Lecture: 3; Lab: 0

Prerequisites: SE 4270

Corequisites: SE 4450 SE 4620


Justification: Understanding security is more important than ever in coding and data storage. Software system breaches are significant to both businesses and consumers. Security needs to be a focus throughout the entire software development lifecycle. This course is required by the Bachelor of Science in Software Engineering degree.


Student Learning Outcomes:
Students will be able to explain security design principles. This will be assessed through homework exercises, quizzes, exams and project work.

Students will be able to apply security principles when they analyze and design projects. This will be assessed through homework exercises, quizzes, exams and project work.

Students will be able to implement projects using security primitives. This will be assessed through homework exercises, quizzes, exams and project work.

Students will be able to utilize tools for security analysis. This will be assessed through homework exercises, quizzes, exams and project work.

Students will be able to evaluate the security of project implementations. This will be assessed through homework exercises, quizzes, exams and project work.


Content:
This course will cover the following modules:
• Web Application Security & Practices including SQL injection, cross-site scripting, cross-site request forgery, cookies and hidden form fields.
• Implementation Security & Practices including buffer overruns, string formatting issues, integer overflows, exceptions, command injection, information leakage, race conditions, principle of least privilege.
• Cryptographic Security & Practices including weak passwords, weak cryptography, incorrect cryptography.
• Networking Security & Practices including network security overview, secure network transmission, name resolution.
• Vulnerability & risk mitigation, vulnerability assessments, & QA testing.


Key Performance Indicators:
Projects 40 to 75%

Quizzes 5 to 15%

Exams 10 to 20%

Final Exam 10 to 20%


Representative Text and/or Supplies:
Secure by Design by Dan Bergh Johnsson, Daniel Deogun, Daniel Sawano. Current Edition.


Pedagogy Statement:
This course will be delivered through in-class discussions, lecture and project mentoring.

Instructional Mediums:
Lecture

Maximum Class Size: 24
Optimum Class Size: 16