M O N A T A R

InfoTech Unit Avatar

FIT3173 Software Security

Chief Examiner

This field records the Chief Examiner for unit approval purposes. It does not publish, and can only be edited by Faculty Office staff.

To update the published Chief Examiner, you will need to update the Faculty Information/Contact Person field below.

NB: This view restricted to entries modified on or after 19990401000000

Unit Code, Name, Abbreviation

FIT3173 Software Security (04 Sep 2015, 10:06am) [SOFTWARE SEC (04 Sep 2015, 10:06am)]

Reasons for Introduction

Reasons for Introduction (04 Sep 2015, 10:06am)

Created as part of the CNS major and extended major and Mcomms extended major, elective of the Cyber security minor and Sdev major and extended major of the new Bachelor of IT (BInfoTech) degree - 2016, elective in the BCompSci and BSE(Hons) degrees

Reasons for Change (23 Sep 2020, 11:21am)

Introduced for course architecture programs. Effective semester 1, 2016

12/06/2017: Admin - updating location of offering to reflect actual campus offerings at the ADE's request.

07/12/2017 - Updating prerequisites to include the new programming unit.

24/9/19: Admin - updating the exam duration to include additional 10 minutes as per University requirement.

4/5/2020: As the MSA course 4307 Bachelor of Computer and Information Sciences is in teach-out, the MSA offering of this unit has been re-coded to FZA3173 effective Semester 1, 2021. These units will be managed by South Africa and therefore no separate Monatar entries will be made

23/09/2020 Admin: Update to include new assessment and teaching approach fields as per Handbook requirements.

Role, Relationship and Relevance of Unit (04 Sep 2015, 10:08am)

This is one of the units offered in the CNS major of the BInfoTech degree. The unit concentrates on software security. It builds on students' knowledge in software programming. It complements units in other aspects of security: Information and Network Security and IT Forensics. Security is an extremely important part of information technology; the Faculty must retain its role as a leader in IT teaching and research. Software security is now the number one cause of financial losses. Furthermore, this unit is critical to the Faculty's research-teaching nexus; the Faculty has significant research activity in secure/trusted software development.

Objectives

Objectives (04 Sep 2015, 10:34am)

At the completion of this unit students should be able to:

  1. model the possible vulnerabilities and threats for a given application system;
  2. apply appropriate methods for the design and realization of secure software;
  3. analyse and evaluate security properties of concurrent and networked applications.

Unit Content

ASCED Discipline Group Classification (04 Sep 2015, 10:34am)

029901

Synopsis (04 Sep 2015, 10:40am)

This unit aims to introduce secure software development issues from the design stage, through to implementation, testing and deployment. Topics studied include the secure software development life cycle, secure software design principles, threat evaluation models, secure coding and development practices, software security testing, deployment and maintenance. Students are provided with a range of practical exercises and tasks to reinforce their skills including: identification of security bugs in programs written in different programming languages, design, implementation, and testing of secure concurrent and networked applications and identification of vulnerabilities in networked and mobile/wireless applications.

Prescribed Reading (for new units) (23 Sep 2020, 11:13am)

Recommended resources

Textbooks that we will refer to include:

* G McGraw, Software Security, Addison-Wesley Software Security Series, 2006 (referred to as "McGraw" in reading lists on Moodle). Copy available at the Monash library.

* M Howard and D LeBlanc, Writing Secure Code, Microsoft Press, 2nd Edition, 2003. (referred to as "HowLe" in reading lists on Moodle). Available online via Monash library.

* J Erickson, Hacking: The Art of Exploitation, No Starch Press, 2008. Available online via Monash library. (referred to as "Erick" in reading lists on Moodle).

* D Stuttard and M Pinto, The Web Application Hacker's Handbook, Wiley, 2nd Edition, 2011. Available at Monash library. (referred to as "StuPint" in reading lists on Moodle).

* R Anderson. Security engineering. John Wiley & Sons, 2008.

* Stallings, William, et al. Computer security: principles and practice. Pearson Education, 2012.

Teaching Methods

Mode (04 Sep 2015, 10:40am)

On-campus

Special teaching arrangements (23 Sep 2020, 11:21am)

Lecture and laboratories or problem classes

This teaching and learning approach helps students to initially encounter information at lectures, discuss and explore the information during laboratories, and practice in a hands-on approach both in a lab environment as well as using their own machines (if available).

Assessment

Assessment Summary (23 Sep 2020, 11:35am)

Examination (2 hours and 10 minutes): 60%; In-semester assessment: 40%

  1. Investigating Buffer Overflow and Using Cryptography Libraries: - 20% - ULO: 1, 2, 3
  2. Web Application Vulnerabilities: - 20% - ULO: 1, 2, 3
  3. Examination 1: - 60% - ULO: 1, 2, 3

Workloads

Workload Requirements (04 Sep 2015, 10:41am)

Minimum total expected workload equals 12 hours per week comprising:

(a.) Contact hours for on-campus students:

  • Two hours lectures
  • Two hours laboratories
(b.) Additional requirements (all students):

  • A minimum of 2-3 hours of personal study per one hour of lecture time in order to satisfy the reading, tute, prac and assignment expectations.

Resource Requirements

Prerequisites

Prerequisite Units (07 Dec 2017, 3:26pm)

One of FIT1045, FIT1053, FIT1048 or FIT1051 or equivalent

Proposed year of Introduction (for new units) (04 Sep 2015, 10:43am)

Semester 1, 2018

Location of Offering (12 Jun 2017, 12:09pm)

Clayton, South Africa

Faculty Information

Proposer

Ange Delbianco

Approvals

School: 11 Dec 2017 (Jeanette Niehus)
Faculty Education Committee: 11 Dec 2017 (Jeanette Niehus)
Faculty Board: 11 Dec 2017 (Jeanette Niehus)
ADT:
Faculty Manager:
Dean's Advisory Council:
Other:

Version History

04 Sep 2015 Ange Delbianco Introduced for course architecture programs. Effective semester 1, 2016
09 Sep 2015 Caitlin Slattery Initial Draft; modified Prerequisites/PreReqUnits
14 Sep 2015 Caitlin Slattery Initial Draft
22 Sep 2015 Jeanette Niehus FIT3173 Chief Examiner Approval, ( proxy school approval )
22 Sep 2015 Jeanette Niehus FEC Approval
22 Sep 2015 Jeanette Niehus FacultyBoard Approval - FEC approved 23/07/2015
12 Jun 2017 Jeanette Niehus Admin: modified ReasonsForIntroduction/RChange; modified LocationOfOffering
07 Dec 2017 Christy Pearson modified ReasonsForIntroduction/RChange; modified Prerequisites/PreReqUnits
07 Dec 2017 Christy Pearson modified ReasonsForIntroduction/RChange
11 Dec 2017 Jeanette Niehus FIT3173 Chief Examiner Approval, ( proxy school approval )
11 Dec 2017 Jeanette Niehus FEC Approval
11 Dec 2017 Jeanette Niehus FacultyBoard Approval - Executively approved by ADLT 8/12/2017.
24 Sep 2019 Emma Nash modified ReasonsForIntroduction/RChange; modified Assessment/Summary
04 May 2020 Emma Nash modified ReasonsForIntroduction/RChange
23 Sep 2020 Miriam Little modified UnitContent/PrescribedReading; modified UnitContent/PrescribedReading; modified Teaching/SpecialArrangements; modified ReasonsForIntroduction/RChange; modified Assessment/Summary

This version: