Secure Software Development

This module introduces students to the fundamental concepts and skills of secure software development. Students will be provided with an overview of traditional and modern Software Development Life Cycle (SDLC) models. Emphasis is placed on secure coding considerations. In addition, the course combines an understanding of security principles with the use of automated testing tools. Students will be introduced to the techniques in an engaging format with a mix of hands-on exercises, group work, and individual activities.

Outcomes

  • Summary of the learning outcomes

I will learn to:

  • identify and manage security risks within a software development project
  • analyze development problems critically and use appropriate methods, tools and techniques (including program design and development) to solve them
  • design and develop/adapt computer programs, create a solution that meets design specifications and evaluate the solution created
  • systematically develop and apply skills to be an influential member of a development team in a virtual professional environment and take on real-world perspectives on team roles and organization

  • Units

The units of the module to achieve those learning outcomes:

  • Reflection

What exactly have I learnt and how?

What?
Liengtiraphan (2017, as cited in Rapaport, 2017: 26) states that 'Computer science is very empowering. It's kind of like knowing Magic: you learn the right stuff and how to say it, and out comes an answer that solves a real problem. That's so cool.' This statement has accompanied me throughout my studies. It started with the Introduction to Computer Science and ended with the Secure Software Development module. Before I started the last module, I thought it would not be easy. I have barely learned a programming language, and I already have to apply secure methods in the Software Development Life Cycle (SDLC). So, I started this module without any background in secure development but with the motivation to take the next and final step before jumping into the workforce. I was also happy to get to know my fellow students very well before I left, as this module project was to develop an application related to secure software development jointly. We had to learn the right things to create something magical; the challenge was accepted.
The first project of this module was to create a design proposal using the Unified Modelling Language (UML) and following the steps of the SDLC. Then, with the result of the design proposal and the steps such as planning and requirements analysis, we were to create our final project. Ultimately, we created a National Cyber Threat Tracking System (NCTTS) to fight cybercrime in the Netherlands. It is an application that provides the public with an interface to report cyber vulnerabilities they discover so that the relevant government agency can fix them.

So what?
At the beginning of this module, we made a team contract and distributed the roles. Then, without dissenting votes, we chose someone to lead the team. Since then, everything has gone smoothly. We scheduled a team meeting every week to realise the module's tasks and the units' elaboration. I was not surprised that our team could work very well together as we all had the same goal: to graduate successfully.
Besides two other project topics, we initially agreed to develop a tracking system to fight cybercrime in the Netherlands. I was happy with each project topic. We created a design proposal in which we implemented all the requirements for the project. We also used the Secure SDLC to incorporate security methods into the development process. For example, we added mitigation solutions to the Open Web Application Security Project (OWASP) top 10 security risks and created a checklist for the design proposal. Discussing the top 10 security risks together gave my approach to software development in terms of security a much clearer meaning than before. I realised that I needed to be sufficiently aware of the risks in the computing world. For example, I learned that wherever data is shared and used to execute processes, there is a risk of cyberattacks if cybersecurity is not taken seriously.
To better understand the application, we used UML diagrams (Use Case Diagram, Class Diagram and Activity Diagram). Thanks to software development in the last module, I have already learned about the advantages of UML diagrams and why they are essential for the design phase in the development life cycle. My task in the design phase was to create a class diagram and help our team submit the design proposal with my ideas. From my observation of the design process, our teamwork was excellent. For example, through Google Cloud, we all worked on the UML diagrams simultaneously, designing the ideas and creating the corresponding UML syntax while meeting. Everyone was equally engaged in the team, and our time management was perfect, as was our communication. Even though the grade of the design proposal was lower than I expected, I am satisfied with our team's performance.
Since we all agreed to use Django for this project, I had to learn and teach myself the full-stack framework Django. Independently of the computer science course, I attended a Django Full-Stack Masterclass online course with a total of 19.5 hours. To be helpful for the development project, I planned to complete the course in 2-3 weeks. I have to admit that the weeks were tough. In the meantime, I worked full time, attended the seminars, worked out the units and created the design team project by the end of unit 6. I am very proud of myself because I have acquired new skills that will help me develop the code for the team project and make me a full-stack developer and, therefore, more valuable.
Developing the NCTTS application was fun because I could apply all my knowledge from the course. My part of the development was to create the front end, the administration page and the login functions. I immediately saw that the course helped me overcome all the challenges. In the end, I am thrilled with the outcome of the application and that we were able to submit the project on time. It looks great and fulfils almost everything we proposed in our design proposal. Of course, some functionalities have permanently changed during the implementation. Also, I am thankful that I had this team and that everyone was equally committed to the team and the project. In addition, I have gained software development, full-stack development and collaboration skills.

Now what?
With the new skills I gained from the module project, I will pack my backpack and gladly and successfully leave the University of Essex. At the beginning of the course, I read that I would be prepared to succeed as an entry-level software developer/programmer, web developer/programmer or information systems administrator. Now, at the end of the course, I am more than prepared for my journey into computer science. In my backpack are technical skills like Python, SQL, Jinja 2, HTML, CSS, and Django and soft skills like English, teamwork, leadership, problem-solving, time management, decision making and critical thinking. My next plan is to use all these skills to create my projects, learn more skills, and become a better full-stack developer. I am convinced that I can create something magical with these skills.

Reference:
Rapaport, W. (2017) What is Computer Science? Buffalo: University at Buffalo. Available from: https://cse.buffalo.edu/~rapaport/Papers/whatiscsapa-20170127-edited.pdf [Accessed 5 December 2022].

  • Skills Matrix and Action Plan

What skills have I gained or enhanced as a result of this module and how can I use it? What else do I need to learn?

Other Modules

Launching into Computer Science

The module explores the computer's fundamental theories and practices and then progressively examines trends and current developments in computer science.

Object-Oriented Programming

In this module, students develop object-oriented programming skills using the object-oriented programming language Python.
