KTO KARATAY UNIVERSITY
Trade and Industry Vocational School
Programme of Information Security Technology
Course Details

| Course Code | Course Name | Year | Period | Semester | T+A+L | Credit | ECTS |
|---|---|---|---|---|---|---|---|
| 08120103 | Secure Software Development | 1 | Spring | 2 | 2+2+0 | 4 | 4 |

| | |
|---|---|
| Course Type | Compulsory |
| Course Cycle | Associate (Short Cycle) (TQF-HE: Level 5 / QF-EHEA: Short Cycle / EQF-LLL: Level 5) |
| Course Language | Turkish |
| Methods and Techniques | - |
| Mode of Delivery | Face to Face |
| Prerequisites | - |
| Coordinator | Lect. Seda YILDIRIM |
| Instructor(s) | Lect. Gizem ÇELİK |
| Instructor Assistant(s) | - |
Course Instructor(s)
| Name and Surname | Room | E-Mail Address | Internal | Meeting Hours |
|---|---|---|---|---|
| Lect. Gizem ÇELİK | C-125 | [email protected] | 7434 | Friday 10:00-12:00 |
Course Content
Introduction to Secure Software Development
Software Security Fundamentals and Threat Types
Security in the Software Development Lifecycle (SDLC)
Secure Coding Principles and Best Practices
Input Validation and Data Validation Techniques
Authentication and Authorization Mechanisms
Encryption and Data Privacy
Web Application Security and the OWASP Top 10
SQL Injection, XSS, and Other Common Vulnerabilities
Secure Software Architecture and Design Patterns
Code Analysis, Security Testing, and Vulnerability Scanning
Error Management, Logging, and Event Monitoring
Security Policies, Standards, and Regulations
Term Project Presentations and Security Audit Assessment
Objectives of the Course
The aim of this course is to teach the fundamental concepts of software security, types of threats, and secure software development processes. Students will learn how to integrate security into the Software Development Life Cycle (SDLC), apply secure coding principles, and identify and mitigate common vulnerabilities such as SQL Injection and XSS. They will also gain the ability to design secure software architectures, implement data protection techniques, and develop secure applications using authentication and authorization mechanisms.
Contribution of the Course to Field Teaching
| Course Group | Contribution |
|---|---|
| Basic Vocational Courses | |
| Specialization / Field Courses | X |
| Support Courses | |
| Transferable Skills Courses | |
| Humanities, Communication and Management Skills Courses | |
Relationships between Course Learning Outcomes and Program Outcomes
Relationship Levels

| Lowest | Low | Medium | High | Highest |
|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 |

| # | Program Learning Outcomes | Level |
|---|---|---|
| P1 | He/she has basic, current and practical knowledge about his/her profession. | 5 |
| P3 | Follows current developments and practices for his/her profession and uses them effectively. | 5 |
| P11 | Explains and applies data security and encryption methods. | 5 |
| P13 | Identifies and fixes security vulnerabilities in computer and software systems. | 5 |
| P20 | To enable students to gain the competence to solve the problems they encounter in their academic and professional lives by using information technologies effectively and efficiently. | 5 |
Course Learning Outcomes
Upon the successful completion of this course, students will be able to:

| No | Learning Outcomes | Outcome Relationship | Measurement Method ** |
|---|---|---|---|
| O1 | Defines the basic concepts of information security. | P.1.1 | |
| O2 | Analyses current security trends. | P.11.1 | 1 |
| O3 | Defines the basic principles and purpose of data security. | P.1.5 | 1,4,5 |
| O4 | Explains common security vulnerabilities in software and systems and the causes of these vulnerabilities. | P.13.1 | 1 |
| O5 | Is able to use the basic analysis and scanning tools used to find security vulnerabilities. | P.13.2 | 7 |
| O6 | Assesses the potential impact and risk level of a detected security vulnerability. | P.13.3 | 5 |
| O7 | Understands the importance of maintaining security controls throughout the lifecycle of systems and software and applies the basic steps. | P.13.4 | 1,7 |
| O8 | Recommends and applies appropriate patches or code fixes to close detected security vulnerabilities. | P.13.5 | 1,7 |
| O9 | Reports the results obtained from security tests clearly and presents them to the relevant stakeholders. | P.13.6 | 5 |
| O10 | Is aware of data security, ethics and privacy issues and is able to apply these principles. | P.20.4 | 7 |

** Written Exam: 1, Oral Exam: 2, Homework: 3, Lab./Exam: 4, Seminar/Presentation: 5, Term Paper: 6, Application: 7
Weekly Detailed Course Contents
| Week | Topics |
|---|---|
| 1 | Introduction to Secure Software Development |
| 2 | Software Security Fundamentals and Threat Types |
| 3 | Security in the Software Development Lifecycle (SDLC) |
| 4 | Secure Coding Principles and Best Practices |
| 5 | Input Validation and Data Validation Techniques |
| 6 | Authentication and Authorization Mechanisms |
| 7 | Encryption and Data Privacy |
| 8 | Web Application Security and OWASP Top 10 |
| 9 | SQL Injection, XSS, and Other Common Vulnerabilities |
| 10 | Secure Software Architecture and Design Patterns |
| 11 | Code Analysis, Security Testing, and Vulnerability Scanning |
| 12 | Error Handling, Logging, and Event Monitoring |
| 13 | Security Policies, Standards, and Legal Regulations |
| 14 | Term Project Presentations and Security Audit Evaluation |
Textbook or Material
| Resources |
|---|
| Michael Howard, David LeBlanc, Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World, 2nd ed., Microsoft Press (2003) |
| Mark G. Graff, Kenneth R. Van Wyk, Secure Coding: Principles and Practices, O'Reilly Media (2003) |
| Gerardus Blokdyk, Software Security Vulnerability: A Complete Guide, 5STARCooks (2020) |
Evaluation Method and Passing Criteria
| In-Term Studies | Quantity | Percentage |
|---|---|---|
| Attendance | - | - |
| Laboratory | - | - |
| Practice | - | - |
| Field Study | - | - |
| Course Specific Internship (If Any) | - | - |
| Homework | - | - |
| Presentation | 1 | 20 (%) |
| Projects | - | - |
| Seminar | - | - |
| Quiz | - | - |
| Listening | - | - |
| Midterms | 1 | 30 (%) |
| Final Exam | 1 | 50 (%) |
| Total | | 100 (%) |
ECTS / Working Load Table
| Activity | Quantity | Duration | Total Work Load |
|---|---|---|---|
| Course Week Number and Time | 14 | 2 | 28 |
| Out-of-Class Study Time (Pre-study, Library, Reinforcement) | 14 | 2 | 28 |
| Midterms | 1 | 10 | 10 |
| Quiz | 0 | 0 | 0 |
| Homework | 0 | 0 | 0 |
| Practice | 14 | 2 | 28 |
| Laboratory | 0 | 0 | 0 |
| Project | 0 | 0 | 0 |
| Workshop | 0 | 0 | 0 |
| Presentation/Seminar Preparation | 1 | 6 | 6 |
| Fieldwork | 0 | 0 | 0 |
| Final Exam | 1 | 20 | 20 |
| Other | 0 | 0 | 0 |
| Total Work Load | | | 120 |
| Total Work Load / 30 | | | 4 |
| Course ECTS Credits | | | 4 |
Course - Learning Outcomes Matrix
Relationship Levels

| Lowest | Low | Medium | High | Highest |
|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 |

| # | Learning Outcomes | P1 | P11 | P13 | P20 |
|---|---|---|---|---|---|
| O1 | Defines the basic concepts of information security. | 5 | 5 | - | - |
| O2 | Analyses current security trends. | 5 | - | - | - |
| O3 | Defines the basic principles and purpose of data security. | - | 5 | - | - |
| O4 | Explains common security vulnerabilities in software and systems and the causes of these vulnerabilities. | - | - | 5 | - |
| O5 | Is able to use the basic analysis and scanning tools used to find security vulnerabilities. | - | - | 5 | - |
| O6 | Assesses the potential impact and risk level of a detected security vulnerability. | - | - | 4 | - |
| O7 | Understands the importance of maintaining security controls throughout the lifecycle of systems and software and applies the basic steps. | - | - | 4 | - |
| O8 | Recommends and applies appropriate patches or code fixes to close detected security vulnerabilities. | - | - | 5 | - |
| O9 | Reports the results obtained from security tests clearly and presents them to the relevant stakeholders. | - | - | 5 | - |
| O10 | Is aware of data security, ethics and privacy issues and is able to apply these principles. | - | - | - | - |
