Reference no: EM132660232
COM6012 Secure Development and Deployment
Learning Outcome 1: Demonstrate an understanding of the fundamental design and implementation principles that preserve security properties;
Learning Outcome 2: Critically appraise security requirements and their role in securing software systems and the data they store and manage;
Learning Outcome 3: Predict software security design and implementation flaws; Identify web application security controls and risk mitigation techniques.
Learning Outcome 4: Produce software products that meet ethical standards when creating, deploying; using, and retiring of software;
Learning Outcome 5: Apply static and dynamic testing to large software systems. Assess web application security compliance requirements and objectives.
The Learning and Teaching Strategy is informed by BAC's Strategy for Learning. The contents of this module are introduced in lectures. These are supported by practical exercises in laboratory sessions. Tutorials are used to help explain and elaborate on both the lecture material and the laboratory exercises.
All lecture, laboratory, and tutorial material will be made available on BAC Learn and links will be provided to appropriate external material such as research papers, podcasts, MOOCs, videos, and literature.
During all lab and tutorial sessions, students will receive formative feedback on their performance in undertaking the laboratory and tutorial exercises.
Summative feedback and marks will be provided for the coursework assignments undertaken as part of the module using BAC Learn.
BAC Learn will also be used to provide the students with module-specific forums to stimulate student and lecturer interaction out with the normal lecture, laboratory, and tutorial sessions.
The cyber threat landscape has changed dramatically. Probably because the traditional practice of late-stage testing has proven to be expensive and complex. So, to identify issues earlier and reduce costs, security must be integrated into every step of the software development lifecycle (SDLC). Here's what a typical security plan for a secure SDLC might look like:
1. Requirements stage
• Establishing the software security team, security champions, and other team structures.
• Training and education for the development team.
• Ensuring security standards and guidelines are widely available.
• Establishing processes to support the delivery of the requirements.
2. Design stage
• Identifying security requirements for the business context
• Threat modeling to understand how an attacker would look at the system
• Reviewing designs from a security perspective.
3. Implementation and development stage
• Reviewing code for implementation mistakes
• Security testing the various elements of the system, both independently and as a system
• Automated testing as part of the continuous integration (CI) development model
4. Deployment stage
• Building incident playbooks
5. Maintenance
• Ongoing testing
• Monitoring
In The assignment:
1. A project aim and objective will be setup that must have the business context
2. Selection Testing and credentialing secure app development across the SDLC and justify
3. Use Security Beyond Secure Coding - Challenging the traditional mindset where secure coding means a secure application.
4. The most comprehensive training program for application developers covering techniques such as input validation, defensive coding practices, authentication and authorization, cryptographic attacks, error handling techniques, session management techniques, among many others.
5. Conclusion and recommendation
6. Must use IEEE format
Attachment:- Secure Development and Deployment.rar