INDUSTRIAL ENGINEERING
Bachelor	TR-NQF-HE: Level 6	QF-EHEA: First Cycle	EQF-LLL: Level 6

Course Introduction and Application Information

Course Code	Course Name	Semester	Theoretical	Practical	Credit	ECTS
COP4464	Wissen Academi- Writing Secure Code & Secure Coding Techniques	Fall	3	0	3	6

This catalog is for information purposes. Course status is determined by the relevant department at the beginning of semester.

Basic information

Language of instruction:	English
Type of course:	Non-Departmental Elective
Course Level:	Bachelor’s Degree (First Cycle)
Mode of Delivery:	Face to face
Course Coordinator :	Assist. Prof. ERKUT ARICAN
Course Objectives:	"The course introduces the secure software development process including designing secure applications, writing secure code that can withstand attacks, and security testing and auditing. It focuses on the security issues a developer faces, common security vulnerabilities and flaws, and security threats. The course explains security principles, strategies, coding techniques, and tools that can help make code more resistant to attacks. Students will write and analyze code that demonstrates specific security development techniques. This course covers intermediate and advanced techniques that systems and applications programmers can use to write new code securely, as well as to find and mitigate vulnerabilities in existing code. In addition to covering threats to legacy code, you will focus on discussing tools and techniques that can be used to secure large amounts of legacy code. This course will demonstrate how to use off-the-shelf tools to secure an existing, large enterprise application."

Learning Outcomes

The students who have succeeded in this course;
1) Understand the basics of secure programming
2) Understand the most frequent programming errors leading to software vulnerabilities
3) Identify and analyze security problems in software
4) Understand and protect against security threats and software vulnerabilities
5) Effectively apply their knowledge to the construction of secure software systems
6) Understand The Cybersecurity Concepts & Information Systems Security

Course Content

"This course is intended for 4th-year Software Engineering students. However, students in other departments of the College of Engineering can also take it. This course will be offered by Wissen Akademie & VDC Technology. A Computer Engineering faculty member will participate in all lectures.
Writing secure code is intended for professional use. Hence, this course will be a good addition to our current activities in Information Technologies field."

Weekly Detailed Course Contents

Week	Subject	Related Preparation
1)	The Need for Secure Systems
2)	The Proactive Security Development Process & Security Principles
3)	Threat Modeling & Secure Coding Techniques
4)	Buffer Overrun & Determining Access Control
5)	Running with Least Privilege & Cryptographic Foibles
6)	Protecting Data & Canonical Representation Issues
7)	Database Input Issues & Web-specific Input Issues
8)	Internationalization Issues & Socket Security
9)	Securing RPC, ActiveX Controls and DCOM & Protecting Against Denial of Service Attacks
10)	Security Testing
11)	Performing a Security Code Review
12)	Secure Software Installation
13)	"Building Privacy Into Your Application & General Good Practices Writing Security Documentation and Error Messages "
14)	General Review

Sources

Course Notes / Textbooks:	Writing Secure Code (Second Edition) - Michael Howard, David LeBlanc - ISBN 13: : 978-0735617223
References:

Evaluation System

Semester Requirements	Number of Activities	Level of Contribution
Attendance	14	% 10
Quizzes	1	% 30
Homework Assignments	1	% 20
Final	1	% 40
Total		% 100
PERCENTAGE OF SEMESTER WORK		% 60
PERCENTAGE OF FINAL WORK		% 40
Total		% 100

ECTS / Workload Table

Activities	Number of Activities	Duration (Hours)	Workload
Course Hours	14	3	42
Study Hours Out of Class	12	8	96
Homework Assignments	1	20	20
Midterms	1	3	3
Final	1	3	3
Total Workload			164

Contribution of Learning Outcomes to Programme Outcomes

No Effect	1 Lowest	2 Low	3 Average	4 High	5 Highest

	Program Outcomes	Level of Contribution
1)	Build up a body of knowledge in mathematics, science and industrial engineering subjects; use theoretical and applied information in these areas to model and solve complex engineering problems.
2)	Identify, formulate, and solve complex engineering problems; select and apply proper analysis and modeling methods for this purpose.
3)	Design a complex system, process, device or product under realistic constraints and conditions, in such a way as to meet the desired result; apply modern design methods for this purpose. The ability to apply modern design methods to meet this objective.
4)	Devise, select, and use modern techniques and tools needed for solving complex problems in industrial engineering practice; employ information technologies effectively.
5)	Design and conduct experiments, collect data, analyze and interpret results for investigating the complex problems specific to industrial engineering.
6)	Cooperate efficiently in intra-disciplinary and multi-disciplinary teams; and show self-reliance when working independently.
7)	Demonstrate effective communication skills in both oral and written English and Turkish. Writing and understanding reports, preparing design and production reports, making effective presentations, giving and receiving clear and understandable instructions.
8)	Recognize the need for lifelong learning; show ability to access information, to follow developments in science and technology, and to continuously educate him/herself.	3
9)	Develop an awareness of professional and ethical responsibility, and behaving accordingly. Information about the standards used in engineering applications.
10)	Know business life practices such as project management, risk management, and change management; develop an awareness of entrepreneurship, innovation, and sustainable development.	4
11)	Know contemporary issues and the global and societal effects of modern age engineering practices on health, environment, and safety; recognize the legal consequences of engineering solutions.
12)	Develop effective and efficient managerial skills.