Created as part of the Master of information Technology and Master of Applied Information Technology Units - 2009

Re-introduced as a discipline core for Master of Networks and Security - 2014

This unit has been updated as part of a 2009 review and comparison of data with current Handbook, Syllabus + and Callista data.

This unit serves as a discipline core in the new Master of Networks and Security course which will be offered in 2014.

18/7/13 - Amendment to prerequisite units and prerequisite knowledge, effective Semester 1 2014.

11/12/2013 - Added pre-requisite of FIT5163 on advice from MNS Course Director. Note: there is no CE listed on the list of CEs for 2013. Semester of implementation - Semester 1,2014.

21/10/2014 - Amended pre-requisite requirements by adding 2015, FIT9xxx version of 2014, FIT5xxx foundation units. Approved at GPC 4/14 (Item 6.2).

10/12/14 - Amended learning outcomes as per CE's advice.

5/1/2015 - Amendments to prerequisite requirements effective Semester 1 2015.

20/2/2015 - Amended prerequisites and corequisites in consultation with MNS/MIT Course Directors as per action from GPC 1/15 meeting.

16/1/2017- Amended prerequisites of FIT5003 to include FIT9133 as an optional programming unit, as MNS foundation units include the option of FIT9131 or FIT9133 as the programming foundation unit as per action from GPC 4/16 meeting.

21/1/2017 - Cleaned up pre-requisite format. Removed old foundation units, FIT5131 and FIT9017.

5/10/2018: Update to prerequisites to allow Software engineering students to enrol as an approved elective. Effective 2019.

20/9/2019: Admin - updating exam duration to include additional 10 minutes as per University requirement.

23/10/2019: Added unit outcome related to code of ethics and professional practice, in accordance with Master of Cyber Security revisions. Effective 2020.

29/10/2019: Updating the prerequisites to include FIT9136. Effective 2020.

8/11/2019: Adding a prerequisite rule for C6007 Master of AI students. Entry into the degree requires a cognate degree with relevant math and programming, and therefore meet the knowledge requirements. Also removing prereq knowledge requirement in C or C++ as not relevant. Effective 2020.

24/09/2020 Admin: Update to include new assessment and teaching approach fields as per Handbook requirements.

This is one of the core units offered in the Master of Networks and Security. The unit concentrates on software security. It builds on students' knowledge in software programming. It complements units in other aspects of security: Network Security, Information and Computer Security. Security is an extremely important part of information technology; the Faculty must retain its role as a leader in IT teaching and research. Software security is now the number one cause of financial losses. Furthermore, this unit is critical to the Faculty's research-teaching nexus; the Faculty has significant research activity in secure/trusted software development.

On successful completion of this unit, students should be able to:

029901

This unit aims to introduce the secure software development issues including secure software development life cycle, secure software design principles, secure coding practices, threat evaluation models, secure software testing, deployment and maintenance, software development and security policy integration. Students are provided with a range of practical exercises and tasks to reinforce their skills including: identification of security bugs in programs written in different programming languages, design, implementation, and testing of secure concurrent and networked applications, identification of vulnerabilities in networked and mobile/wireless applications. In addition, students will learn input validation techniques to minimize security risks, man-in-the-middle attack techniques to be able to build more secure networked applications, practical secure software testing techniques to be able to test applications for security bugs.

Recommended resources

Reading list Textbooks that we will refer to include:

• G McGraw, Software Security , Addison-Wesley Software Security Series, 2006 (referred to as "McGraw" in reading lists on Moodle). Copy available at the Monash library.
• M Howard and D LeBlanc, Writing Secure Code , Microsoft Press, 2nd Edition, 2003. (referred to as "HowLe" in reading lists on Moodle). Available online via Monash library.
• J Erickson, Hacking: The Art of Exploitation , No Starch Press, 2008. Available online via Monash library. (referred to as "Erick" in reading lists on Moodle).
• D Stuttard and M Pinto, The Web Application Hacker?s Handbook , Wiley, 2nd Edition, 2011. Available at Monash library. (referred to as "StuPint" in reading lists on Moodle).
• Scott Oaks, Java Security: Writing and Deploying Secure Applications, O'Reilly, 2nd Edition, 2013.
• Nikolay Elenkov, Android Security Internals: An In-Depth Guide to Android's Security Architecture, 2014
• Wenliang Du, Computer & Internet Security: A Hands-on Approach, Second Edition, ISBN: 978-1733003926 (hardcover) or 978-1733003933 (paperback), 2019

Software for completing lab exercises will be either supplied in the lab or freely available for download from specified websites

On-campus

Examination (2 hours and 10 minutes): 50%; In-semester assessment: 50%

1. Assignment 1 : 30% - ULO 1,2,3
2. Assignment 2 : 20% - ULO 1,2,3,4
3. Examination 1 : 50% - ULO 1,2,3

6

Minimum total expected workload equals 12 hours per week comprising:

(a.) Contact hours for on-campus students:

(b.) Additional requirements (all students):

The tutorial room must be in a computer lab with a white board. Some of the material requires computer work, and some involves problem solving on the white board.

FIT

Callista prerequisites: No pre-requisites for MNS (4312), MIT (Professional) (2402.6), MIT (2402.5), MIT Professional (3348.1), MIT (Honours) (3349), PGDIT (2411) and PGCIT (2423).

For all other courses as below:

Callista & Handbook prerequisites:

FIT9131 or FIT9133 or FIT9136 or equivalent; or entry into C6007.

For students enrolled in E3001, E3002, E3005, E3010, E3011, E3007 completing the Software Engineering specialisation: FIT2099