Module Objectives, Discussion Topics, Assignments Schedule

SECURE SOFTWARE DEVELOPMENT

Module 1 – Software Vulnerabilities; Week 1-2 (1/19-2/1)

Class Orientation

§ Introductions

§ Course overview and introduction, review of syllabus and readings, assignments

§ Instruction Components and Learning Styles

§ Paper – Format, Expectations, Some Pointers

§ Research Paper Assignments

§ Lab Assignments

In this module, the student will analyze the prevalent software vulnerabilities in the cyberspace and explore the future trends in software attacks.

Module 1 Discussion Topics.

● Malicious software exploitation in the cyberspace

● Web Server Vulnerabilities

● Malicious software attacks in Cyber Terrorism

● Inherent software vulnerabilities

Module 1 Objectives

After successfully completing Module 1, students should be able to:

· evaluate malicious software in the cyberspace;

· assess mission critical software for vulnerabilities;

· critique embedded firmware vulnerabilities.

Introduction Forum

In the Introductions Forum, start a discussion topic titled “Introductions/[Your Name].” In your posting, please address any of the following topics or anything about yourself that you would like to share with the class so that we can get to know you better. Reply to at least two classmates’ responses by the end of Module 1.

● Your reasons for taking this course

● Your interest in Secure Software Design and Development

● Your background in general

● Your experience with online learning

● Your expectations from this course

Note: The Introductions Forum is not graded but required

Discussion Forum 1

In Discussion Forum 1, post your response to the following discussion topic. Reply to at least two classmates’ responses by the end of Module 1.

Software vulnerabilities in cyberspace can range from the simple outdated security patches on national critical infrastructure systems to poorly designed defense missile control systems. When these industrial control systems, military weapon control systems, air control transportation systems are designed without security built into the software, their security vulnerabilities are paramount to the national security, economy, and human health.

● Do research on the latest prominent software vulnerabilities and share your literature review findings with the class.

Textbook Readings

● Van Wyk, et al. (2015) - Chapters 1.

Reading Assignment – Read Chapter 1

Written Assignment1: Software Vulnerabilities

Software vulnerabilities can cause debilitating consequences in our national critical infrastructure, mission critical applications in a corporate network, and in health and transportation systems. It is paramount to mitigate these vulnerabilities in the initial stages of software design. Do your research on software vulnerabilities and write a 5-10 page, APA formatted, research paper on software vulnerabilities that have devastated our networks.

● Considering the impacts of software vulnerabilities, do a literature review to select at least five sources, other than the course’s textbook, that discuss the current software vulnerabilities in cyberspace.

● After analyzing your findings on the impacts of cyber vulnerabilities, write a 5-10 page APA formatted paper [not including Title Page, References Lists, etc.], based on your research, in which you identify and analyze cyber vulnerabilities that have inflicted our society with grave consequences.

○ Your paper, should include:

■ a brief summary of the selected articles;

■ a clear description of cyber vulnerabilities you have identified from your research;

■ details on how these vulnerabilities had been exploited.

■ any implications or problems you have identified for the affected environment;

■ a summary section that provides any conclusions you have reached as a result of doing the research and writing the paper; and

■ a reference page.

Note: The research findings included in the written assignment paper, may reference, or be related to, the topic discussed in Discussion Forum 1.

Module 2—Designing Secure Software; Week 3-4: (2/2-2/15)

In this module, the student will examine security controls in the software requirements to ensure software will be designed with “security built-in.” The student will analyze the software functions and security controls to provide well-balanced software.

Module Topics

Module 2 covers the following topics:

● Security requirements

● Security balance

● Code review

● Security mechanisms and controls

Assignment – Read Chapter 2, Review Paper Topics

After successfully completing Module 2, students should be able to:

Module 2 Objectives

· analyze security requirements in software;

· ensure security controls and mechanisms are applied;

· develop security safeguards in software design.

Textbook Readings

● Van Wyk, et al. (2015) - Chapters 2-3.

Discussion Forum 2

In Discussion Forum 2, post your response to the following discussion question. Reply to at least two classmates’ responses by the end of Module 1.

In this forum, the student will research the best secure software design methodologies to prevent vulnerabilities and share his/her findings with the class. The student will post a literature review on a researched ACM or IEEE paper.

Building security in the design phase of the software development lifecycle (SDLC) is important to be successful in securing software. What is the right approach in securing SDLC phases so that we can identify software issues early and mitigate them while designing software? Explain what implications we may face if we don’t identify and mitigate security issues in the SDLC phases.

Written Assignment 2

Secure Software Design Methodologies – The student will write a 1-2 page, APA formatted, literature review paper on secure software design methodologies. The paper topic may be related to the discussion topic.

Write your research paper based on your findings on secure software design methodologies. You will recommend the best software security design methodology that can prevent security issues while designing the software in the SDLC phases rather than after the software deployment phase. Further, justify why your approach is better than others with realistic benefits.

Assignment - Lab1 - Nessus Scanner

You have access to the Lab 1- Nessus Scanner document in assignment folder. Please following the instruction to complete the lab and provide your findings and results in your lab activities. Your lab report should be prepared in APA. Please see the lab instruction documents.

Module 3—Testing Software Vulnerability in SDLC: Week 5-6: (2/16-3/1)

In this module, the student will analyze, test, and recognize software vulnerabilities using security testing tools.

Module Objectives

After successfully completing Module 3, students should be able to:

· assess software security vulnerabilities;

· test security vulnerabilities in software;

· utilize software vulnerability testing methodology.

Textbook Readings

● Van Wyk, et al. (2015) - Chapters 4-5.

Discussion Forum 3

In Discussion Forum 3, post your response to the following discussion question. Reply to at least two classmates’ responses by the date indicated in the Course Calendar.

In this forum, the student will research a proven software security testing methodology to discover software vulnerabilities and share his/her findings with the class. The student will post a literature review on a researched ACM or IEEE paper.

Research for proven software security testing methodologies to discover software vulnerabilities. Select one that can be effective in an organization and justify why your selected testing methodology is best for a specific organization.

Written Assignment 3

Secure Software Testing Methodologies – The student will write a 1-2 page, APA formatted, literature review paper on a secure software testing methodology. The paper topic may be related to the discussion topic.

There are many software security testing methodologies as such as risk-based, agile, and other structured testing methodologies. In your research, synthesize your findings of best software security testing methodologies that can be adopted by organizations to defend the asymmetric cyber threats

Module 4—Mitigating Software Vulnerabilities in SDLC: Week 7-8; (3/2-3/15)

OVERVIEW

In this module, the student will mitigate software vulnerabilities using security tools. In this module, the student will mitigate software vulnerabilities using security tools.

Chapter 4 Code Review with a Tool:

Module 4 covers the following topics:

● Software vulnerabilities

● Software security tools

● Software vulnerability mitigation

OBJECTIVES

After successfully completing Module 4, students should be able to:

· mitigate security vulnerabilities in SDLC phases;

· utilize security mitigation tools in removing vulnerabilities;

· leverage proven methodologies in mitigating vulnerabilities.

STUDY MATERIALS

Textbook Readings

● Van Wyk, et al. (2015) - Chapters 4-5.

Discussion Forum 4

In Discussion Forum 4, post your response to the following discussion question. Reply to at least two classmates’ responses by the date indicated in the Course Calendar.

In this forum, the student will research the best secure software mitigation methodologies using tools and share his/her findings with the class. The student will post a literature review on a researched ACM or IEEE paper.

Automation is key to our success in security to minimize manual processes and avoid errors. Research any automation we can apply in software security; especially, in the initial stages of the SDLC phases. Software errors and bugs discovered in the SDLC will save the program cost and engineers’ effort in mitigation them after deployment. Provides evidence of benefits of using the automation or tools in your post.

Written Assignment 4

Secure Software Mitigation Methodologies – The student will write a 1-2 page, APA formatted, research paper on secure software mitigation methodologies using tools. The paper topic may be related to the discussion topic.

From your research, write a security software mitigation methodology using a tool. Benefits from the automation can empower the security professionals in cost reduction and efficient automation in mitigating software vulnerabilities. Describe the best security mitigation methodology to automate the vulnerability removal process using a tool.

Assignment – Lab2 - Denial of Service Using Wireshark

You have access to the Lab 1- Nessus Scanner document in assignment folder. Please following the instruction to complete the lab and provide your findings and results in your lab activities. Your lab report should be prepared in APA.

Week 8: Project Paper Outline

The outline should include, at a minimum:

ü Title and References pages;

ü a brief summary of the articles used;

ü a statement of the key problem(s) with SDLC phases;

ü a discussion of the importance of testing SDLC phases;

ü an explanation of software related cyber vulnerabilities;

ü recommendations on how to mitigate cyber vulnerabilities;

ü the real software security issues;

ü recommendations for secure software development and deployment; and

ü conclusions.

Module 5—Operating Software Security: Week 9-10 (3/16-3/29)

OVERVIEW

In this module, the student will operate software securely using security tools.

TOPICS

Module 5 covers the following topics:

● Security Thresholds

● Intrusion Detection

● Mission Critical Applications

● Incident Response