Information Security Technology
Course Details

KTO KARATAY UNIVERSITY
Trade and Industry Vocational School
Programme of Information Security Technology
Course Details
Trade and Industry Vocational School
Programme of Information Security Technology
Course Details

| Course Code | Course Name | Year | Period | Semester | T+A+L | Credit | ECTS |
|---|---|---|---|---|---|---|---|
| 08120103 | Secure Software Development | 2025 | Spring | 2 | 2+2+0 | 4 | 4 |
| Course Type | Compulsory |
| Course Cycle | Associate (Short Cycle) (TQF-HE: Level 5 / QF-EHEA: Short Cycle / EQF-LLL: Level 5) |
| Course Language | Turkish |
| Methods and Techniques | - |
| Mode of Delivery | Face to Face |
| Prerequisites | - |
| Coordinator | Lect. Gizem ÇELİK |
| Instructor(s) | Lect. Seda YILDIRIM |
| Instructor Assistant(s) | - |
Course Instructor(s)
| Name and Surname | Room | E-Mail Address | Internal | Meeting Hours |
|---|---|---|---|---|
| Lect. Seda YILDIRIM | C-127 | [email protected] | 7915 | Monday 11:00-12:00 |
Course Content
Introduction to Secure Software Development
Software Security Fundamentals and Threat Types
Security in the Software Development Lifecycle (SDLC)
Secure Coding Principles and Best Practices
Input Validation and Data Validation Techniques
Authentication and Authorization Mechanisms
Encryption and Data Privacy
Web Application Security and the OWASP Top 10
SQL Injection, XSS, and Other Common Vulnerabilities
Secure Software Architecture and Design Patterns
Code Analysis, Security Testing, and Vulnerability Scanning
Error Management, Logging, and Event Monitoring
Security Policies, Standards, and Regulations
Term Project Presentations and Security Audit Assessment
Software Security Fundamentals and Threat Types
Security in the Software Development Lifecycle (SDLC)
Secure Coding Principles and Best Practices
Input Validation and Data Validation Techniques
Authentication and Authorization Mechanisms
Encryption and Data Privacy
Web Application Security and the OWASP Top 10
SQL Injection, XSS, and Other Common Vulnerabilities
Secure Software Architecture and Design Patterns
Code Analysis, Security Testing, and Vulnerability Scanning
Error Management, Logging, and Event Monitoring
Security Policies, Standards, and Regulations
Term Project Presentations and Security Audit Assessment
Objectives of the Course
The aim of this course is to teach the fundamental concepts of software security, types of threats, and secure software development processes. Students will learn how to integrate security into the Software Development Life Cycle (SDLC), apply secure coding principles, and identify and mitigate common vulnerabilities such as SQL Injection and XSS. They will also gain the ability to design secure software architectures, implement data protection techniques, and develop secure applications using authentication and authorization mechanisms.
Contribution of the Course to Field Teaching
| Basic Vocational Courses | |
| Specialization / Field Courses | X |
| Support Courses | |
| Transferable Skills Courses | |
| Humanities, Communication and Management Skills Courses |
Relationships between Course Learning Outcomes and Program Outcomes
| Relationship Levels | ||||
| Lowest | Low | Medium | High | Highest |
| 1 | 2 | 3 | 4 | 5 |
| # | Program Learning Outcomes | Level |
|---|---|---|
| P1 | He/she has basic, current and practical knowledge about his/her profession. | 5 |
| P3 | Follows current developments and practices for his/her profession and uses them effectively. | 5 |
| P11 | Explains and applies data security and encryption methods. | 5 |
| P13 | Identifies and fixes security vulnerabilities in computer and software systems. | 5 |
| P20 | To enable students to gain the competence to solve the problems they encounter in their academic and professional lives by using information technologies effectively and efficiently. | 5 |
Course Learning Outcomes
| Upon the successful completion of this course, students will be able to: | |||
|---|---|---|---|
| No | Learning Outcomes | Outcome Relationship | Measurement Method ** |
| O1 | Defines the fundamental concepts of information security. | P.1.1 | |
| O2 | Defines the fundamental principles and purpose of data security. | P.11.1 | 1 |
| O3 | Analyzes current security trends. | P.1.5 | 1,4,5 |
| O4 | Explains common security vulnerabilities in software and systems, and the causes of these vulnerabilities. | P.13.1 | 1 |
| O5 | Can use basic analysis and scanning tools employed to find security vulnerabilities. | P.13.2 | 7 |
| O6 | Evaluates the potential impact and risk level of a detected security vulnerability. | P.13.3 | 5 |
| O7 | Comprehends the importance of maintaining security controls throughout the lifecycle of systems and software, and applies the basic steps. | P.13.4 | 1,7 |
| O8 | Proposes and applies appropriate patches or code fixes to remediate detected security vulnerabilities. | P.13.5 | 1,7 |
| O9 | Reports the results obtained after security tests in a clear manner and presents them to relevant stakeholders. | P.13.6 | 5 |
| O10 | Is conscious of data security, ethics, and privacy issues, and applies these principles. | P.20.4 | 7 |
| ** Written Exam: 1, Oral Exam: 2, Homework: 3, Lab./Exam: 4, Seminar/Presentation: 5, Term Paper: 6, Application: 7 | |||
Weekly Detailed Course Contents
| Week | Topics |
|---|---|
| 1 | Introduction to Secure Software Development |
| 2 | Software Security Fundamentals and Threat Types |
| 3 | Security in the Software Development Lifecycle (SDLC) |
| 4 | Secure Coding Principles and Best Practices |
| 5 | Input Validation and Data Validation Techniques |
| 6 | Authentication and Authorization Mechanisms |
| 7 | Encryption and Data Privacy |
| 8 | Web Application Security and OWASP Top 10 |
| 9 | SQL Injection, XSS, and Other Common Vulnerabilities |
| 10 | Secure Software Architecture and Design Patterns |
| 11 | Code Analysis, Security Testing, and Vulnerability Scanning |
| 12 | Error Handling, Logging, and Event Monitoring |
| 13 | Security Policies, Standards, and Legal Regulations |
| 14 | Term Project Presentations and Security Audit Evaluation |
Textbook or Material
| Resources | Michael Howard, David LeBlanc, Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World, 2nd ed. Edition, Microsoft Press (2003) |
| Mark G. Graff, Kenneth R. Van Wyk, Secure Coding: Principles and Practices, O'Reilly Media (2003) | |
| Gerardus Blokdyk, Software Security Vulnerability A Complete Guide, 5STARCooks (2020) |
Evaluation Method and Passing Criteria
| In-Term Studies | Quantity | Percentage |
|---|---|---|
| Attendance | - | - |
| Laboratory | - | - |
| Practice | - | - |
| Field Study | - | - |
| Course Specific Internship (If Any) | - | - |
| Homework | - | - |
| Presentation | 1 | 20 (%) |
| Projects | - | - |
| Seminar | - | - |
| Quiz | - | - |
| Listening | - | - |
| Midterms | 1 | 30 (%) |
| Final Exam | 1 | 50 (%) |
| Total | 100 (%) | |
ECTS / Working Load Table
| Quantity | Duration | Total Work Load | |
|---|---|---|---|
| Course Week Number and Time | 14 | 2 | 28 |
| Out-of-Class Study Time (Pre-study, Library, Reinforcement) | 14 | 2 | 28 |
| Midterms | 1 | 10 | 10 |
| Quiz | 0 | 0 | 0 |
| Homework | 0 | 0 | 0 |
| Practice | 14 | 2 | 28 |
| Laboratory | 0 | 0 | 0 |
| Project | 0 | 0 | 0 |
| Workshop | 0 | 0 | 0 |
| Presentation/Seminar Preparation | 1 | 6 | 6 |
| Fieldwork | 0 | 0 | 0 |
| Final Exam | 1 | 20 | 20 |
| Other | 0 | 0 | 0 |
| Total Work Load: | 120 | ||
| Total Work Load / 30 | 4 | ||
| Course ECTS Credits: | 4 | ||
Course - Learning Outcomes Matrix
| Relationship Levels | ||||
| Lowest | Low | Medium | High | Highest |
| 1 | 2 | 3 | 4 | 5 |
| # | Learning Outcomes | P1 | P11 | P13 | P20 |
|---|---|---|---|---|---|
| O1 | Defines the fundamental concepts of information security. | 5 | 5 | - | - |
| O2 | Analyzes current security trends. | 5 | - | - | - |
| O3 | Defines the fundamental principles and purpose of data security. | - | 5 | - | - |
| O4 | Explains common security vulnerabilities in software and systems, and the causes of these vulnerabilities. | - | - | 5 | - |
| O5 | Can use basic analysis and scanning tools employed to find security vulnerabilities. | - | - | 5 | - |
| O6 | Evaluates the potential impact and risk level of a detected security vulnerability. | - | - | 4 | - |
| O7 | Comprehends the importance of maintaining security controls throughout the lifecycle of systems and software, and applies the basic steps. | - | - | 4 | - |
| O8 | Proposes and applies appropriate patches or code fixes to remediate detected security vulnerabilities. | - | - | 5 | - |
| O9 | Reports the results obtained after security tests in a clear manner and presents them to relevant stakeholders. | - | - | 5 | - |
| O10 | Is conscious of data security, ethics, and privacy issues, and applies these principles. | - | - | - | - |
