Software defined security

1. Subject title: Software defined security (Macedonian title: Софтверски дефинирана безбедност)

2. Code: F23L3S159

3. Study programs: Internet, Networks and Security; Application of Information Technologies; Software Engineering and Information Systems; Computer Science; Computer Engineering; Informatics Education; Software engineering and information systems; Professional Studies in Programming; Cloud Computing

4. Organizer of the study program (unit, institute, department, division): Faculty of Information Sciences and Computer Engineering

5. Study cycle (first, second, third): First cycle

6. Academic year / semester: 3 / Summer

7. Number of ECTS credits: 6.0

8. Instructors: Prof. Dr. Anastas Mishev, Assoc. Prof. Dr. Riste Stojanov

9. Prerequisites for enrollment: At least 100 ECTS credits earned

10. Subject goals and competencies: Understanding and applying the key concepts of secure software development in terms of data, authentication, authorization and secure web applications.

11. Subject content:

Lectures:
1. Introduction to the Secure Development LifeCycle (SDL)
2. Introduction to Hacking Web Applications
3. Securing Modern Web Applications
4. Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), XML External Entity (XXE)
5. Injection, Denial of Service (DoS), Exploiting Third-Party Dependencies
6. Secure Application Architecture
7. Code constructs promoting security - Domain Driven Design
8. Domain primitives, Ensuring integrity of state, Reducing complexity of state
9. Reviewing Code for Security
10. Leveraging your delivery pipeline for security
11. Vulnerability Discovery
12. Vulnerability Management

Exercises:
1. Introduction to the Secure Development LifeCycle (SDL)
2. 3. 4. Defending Against XSS Attacks, Defending Against CSRF Attacks, Defending Against XXE
5. Defending Against Injection, Defending Against DoS, Securing Third-Party Dependencies
6. Secure Application Architecture
7. Code constructs promoting security
8. Domain primitives, Ensuring integrity of state, Reducing complexity of state
9. Reviewing Code for Security
10. Leveraging your delivery pipeline for security
11. Vulnerability Discovery
12. Vulnerability Management

12. Learning methods: Lectures using presentations, interactive lectures, exercises (use of equipment and software packages), teamwork, case studies, invited guest lecturers, independent development and defense of a project task and a seminar paper.

13. Total available time fund: 6.0 ECTS x 30 hours = 180 hours

14. Time distribution: 30 + 45 + 15 + 15 + 75 = 180 hours

15. Forms of teaching activities
15.1. Lectures - theoretical teaching: 30 hours
15.2. Exercises (laboratory, classroom), seminars, team work: 45 hours

16. Other forms of activities
16.1. Project tasks: 15 hours
16.2. Independent tasks: 15 hours
16.3. Homework: 75 hours

17. Grading method
17.1. Tests: 10 points
17.2. Seminar work / project (presentation: written and oral): 15 points
17.3. Activities and learning: 10 points
17.4. Final exam: 70 points

18. Grading criteria (points / grade)
up to 50 points: 5 (five) (F)
from 51 to 60 points: 6 (six) (E)
from 61 to 70 points: 7 (seven) (D)
from 71 to 80 points: 8 (eight) (C)
from 81 to 90 points: 9 (nine) (B)
from 91 to 100 points: 10 (ten) (A)

19. Condition for signature and taking the final exam: completed laboratory exercises

20. Language of instruction: Macedonian and English

21. Quality assurance method: internal evaluation mechanism and surveys

22. Literature

22.1. Mandatory literature (No. / Author / Title / Publisher / Year)
4709 / Ransome, James, and Anmol Misra / Core software security: security at the source / CRC Press / 2013
4710 / Matulevičius, Raimundas / Fundamentals of Secure System Modelling / Springer / 2017
4711 / Dan Bergh Johnsson, Daniel Deogun, and Daniel Sawano / Secure by Design / Manning Publications Co. / 2019
4712 / Andrew Hoffman / Web Application Security: Exploitation and Countermeasures for Modern Web Applications, 1st Edition / O'Reilly Media / 2020

22.2. Additional literature (No. / Author / Title / Publisher / Year)