| SOFTWARE ENGINEERING | |||||
| Bachelor | TR-NQF-HE: Level 6 | QF-EHEA: First Cycle | EQF-LLL: Level 6 | ||
| Course Code | Course Name | Semester | Theoretical | Practical | Credit | ECTS |
| SEN2008 | Software Security | Spring | 3 | 0 | 3 | 5 |
| Language of instruction: | English |
| Type of course: | Must Course |
| Course Level: | Bachelor’s Degree (First Cycle) |
| Mode of Delivery: | Face to face |
| Course Coordinator : | Dr. Öğr. Üyesi PINAR BÖLÜK |
| Course Objectives: | This course is a software engineering course where students will learn computer networks, network security and software security concepts. This course aims to provide students with the ability to solve computer networks and security problems in the computer system. After taking this class, students will have knowledge about Standards - RFCs, Network Security, Secure Software construction, attacks, and will have information about issues such as system vulnerabilities. |
|
The students who have succeeded in this course; 1. An ability to understand TCP/IP reference model 2. An ability to explain key networking protocols and their hierarchical relationship in the context of a conceptual model. 3. An ability to understand security concepts 4. An ability to identify potential threats and vulnerabilities of a computer networking and software system 5. An ability to have knowledge for building secure software |
| 1) Course Outline 2) Introduction : Overview of computer networks, Networking Basics, Protocol Layering, Physical Layer 3) Data Link Layer Concepts (I) : error detection and correction, elementary protocols, sliding window protocols 4) Data Link Layer Concepts (II) : Channel allocation problem, multiple Access, Ethernet 5) Network Layer Concepts (I): , internetworking, Internet Protocol (IP, IPv6) 6) Network Layer Concepts (II): Routing Protocols OSPF, BGP, multicasting 7) " Transport Layer Concepts (I): Services, elements of a transport protocol, TCP, UDP 8) Transport Layer Concepts (II): Congestion Control, Flow Control 9) Midterm exam 10) Security Fundamentals (I): Security Concepts, Vulnerabilities, Threats and Attacks 11) Security Fundamentals (II): Software Security, Information Assurance, Sources of Software Nontechnical security issues, Example Security Technologies 12) Computer and Network Security: Security Techniques (Encryption, digital signatures, message authentication, and hash functions, Use of cryptography for network security, Protection and defense mechanisms and tools 13) Software Security (I): Developing Secure Software, Secure design principles and patterns, Building security into the software development life cycle, Security in requirements 14) Software Security (II): Secure software construction techniques, Security-related verification and validation |
| Week | Subject | Related Preparation |
| 1) | Course Outline | |
| 2) | Introduction : Overview of computer networks, Networking Basics, Protocol Layering, Physical Layer | |
| 3) | Data Link Layer Concepts (I) : error detection and correction, elementary protocols, sliding window protocols | |
| 4) | Data Link Layer Concepts (II) : Channel allocation problem, multiple Access, Ethernet | |
| 5) | Network Layer Concepts (I): , internetworking, Internet Protocol (IP, IPv6) | |
| 6) | Network Layer Concepts (II): Routing Protocols OSPF, BGP, multicasting | |
| 7) | Transport Layer Concepts (I): Services, elements of a transport protocol, TCP, UDP | |
| 8) | Transport Layer Concepts (II): Congestion Control, Flow Control | |
| 9) | Midterm | |
| 10) | Security Fundamentals (I): Security Concepts, Vulnerabilities, Threats and Attacks | |
| 11) | Security Fundamentals (II): Software Security, Information Assurance, Sources of Software Nontechnical security issues, Example Security Technologies | |
| 12) | Computer and Network Security: Security Techniques (Encryption, digital signatures, message authentication, and hash functions, Use of cryptography for network security, Protection and defense mechanisms and tools | |
| 13) | Software Security (I): Developing Secure Software, Secure design principles and patterns, Building security into the software development life cycle, Security in requirements | |
| 14) | Software Security (II): Secure software construction techniques, Security-related verification and validation |
| Course Notes / Textbooks: | Computer Networking: A Top Down Approach Featuring the Internet”, 2005, 3th edition, Jim Kurose, Keith Ross, Addison-Wesley. ""Network Security"", Second Edition, Kaufman, Perlman, and Speciner 19 Deadly Sins of Software Security (Security One-off) by Michael Howard, David LeBlanc, John Viega Security in Computing, Fourth Edition, Pfleeger and Pfleeger, |
| References: |
| Semester Requirements | Number of Activities | Level of Contribution |
| Attendance | 4 | % 20 |
| Midterms | 1 | % 35 |
| Final | 1 | % 45 |
| Total | % 100 | |
| PERCENTAGE OF SEMESTER WORK | % 55 | |
| PERCENTAGE OF FINAL WORK | % 45 | |
| Total | % 100 | |
| Activities | Number of Activities | Duration (Hours) | Workload |
| Course Hours | 14 | 3 | 42 |
| Study Hours Out of Class | 5 | 8 | 40 |
| Quizzes | 4 | 5 | 20 |
| Midterms | 1 | 20 | 20 |
| Final | 1 | 20 | 20 |
| Total Workload | 142 | ||
| No Effect | 1 Lowest | 2 Low | 3 Average | 4 High | 5 Highest |
| Program Outcomes | Level of Contribution | |
| 1) | Be able to specify functional and non-functional attributes of software projects, processes and products. | |
| 2) | Be able to design software architecture, components, interfaces and subcomponents of a system for complex engineering problems. | |
| 3) | Be able to develop a complex software system with in terms of code development, verification, testing and debugging. | |
| 4) | Be able to verify software by testing its program behavior through expected results for a complex engineering problem. | |
| 5) | Be able to maintain a complex software system due to working environment changes, new user demands and software errors that occur during operation. | |
| 6) | Be able to monitor and control changes in the complex software system, to integrate the software with other systems, and to plan and manage new releases systematically. | |
| 7) | Be able to identify, evaluate, measure, manage and apply complex software system life cycle processes in software development by working within and interdisciplinary teams. | |
| 8) | Be able to use various tools and methods to collect software requirements, design, develop, test and maintain software under realistic constraints and conditions in complex engineering problems. | |
| 9) | Be able to define basic quality metrics, apply software life cycle processes, measure software quality, identify quality model characteristics, apply standards and be able to use them to analyze, design, develop, verify and test complex software system. | |
| 10) | Be able to gain technical information about other disciplines such as sustainable development that have common boundaries with software engineering such as mathematics, science, computer engineering, industrial engineering, systems engineering, economics, management and be able to create innovative ideas in entrepreneurship activities. | |
| 11) | Be able to grasp software engineering culture and concept of ethics and have the basic information of applying them in the software engineering and learn and successfully apply necessary technical skills through professional life. | |
| 12) | Be able to write active reports using foreign languages and Turkish, understand written reports, prepare design and production reports, make effective presentations, give clear and understandable instructions. | |
| 13) | Be able to have knowledge about the effects of engineering applications on health, environment and security in universal and societal dimensions and the problems of engineering in the era and the legal consequences of engineering solutions. |