Students
COMP3310 – Secure Applications Development
2024 – Session 1, In person-scheduled-weekday, North Ryde
General Information
Download as PDF
| Unit convenor and teaching staff |
Unit convenor and teaching staff
Convenor and Lecturer
Natasha Fernandes
By Appointment (via email)
Lecturer
Carl Svensson
The hour after the lecture on Wednesdays
|
|---|---|
| Credit points |
Credit points
10
|
| Prerequisites |
Prerequisites
130cp at 1000 level or above including COMP1010 and COMP1300 and (COMP2050 or COMP2110)
|
| Corequisites |
Corequisites
|
| Co-badged status |
Co-badged status
|
| Unit description |
Unit description
This unit provides an introduction to the security consideration in application software development process in order to build secure applications. First, it introduces the basic concepts like software security risk and focuses on how to integrate security into different stages of application software development process, from requirement engineering and design, to code implementation and testing, to deployment and maintenance. Then, a range of typical implementation-level issues are discussed and the corresponding techniques and best practices are introduced, including topics like software auditing, buffer overflows, access control, password authentication, race conditions, input validation, database security, and client-side security, etc. |
Important Academic Dates
Information about important academic dates including deadlines for withdrawing from units are available at https://www.mq.edu.au/study/calendar-of-dates
Learning Outcomes
On successful completion of this unit, you will be able to:
- ULO1: Describe how security is integrated into different stages of the application development life cycle and explain the importance and the underlying logic.
- ULO2: Assess application software security and identify the common security issues in application development through auditing and analysing source code and other documents.
- ULO3: Understand and apply security related best practices to the application development process and address the common security issues for secure application development
- ULO4: Communicate professionally in written and oral with technical and non-technical audience such as software developers/testers, business analysts, security managers, users, etc.
General Assessment Information
Requirements to Pass this Unit
To pass this unit you must:
- Achieve a total mark equal to or greater than 50%, and
- Participate in the hurdle activities for a minimum of 8 of the 12 weekly workshops
Hurdle Assessments
Weekly workshop tasks (10%)
Development of knowledge and skills requires continual practice at authentic problems in a laboratory-based setting. This unit has weekly laboratory classes and you must demonstrate your progress in developing knowledge and skills in a minimum of 8 of the 12 classes. This is a hurdle assessment meaning that failure to meet this requirement may result in a fail grade for the unit. Students are permitted up to four absences: additional absences will require a Special Consideration to be applied for (see below).
General Faculty Policy on Assessment Submission:
Online quizzes, in-class activities, or scheduled tests and exam must be undertaken at the time indicated in the unit guide. Should these activities be missed due to illness or misadventure, students may apply for Special Consideration.
All other assessments must be submitted by 11:55 pm on their due date.
Unless a Special Consideration request has been submitted and approved, a 5% penalty (of the total possible mark of the task) will be applied for each day a written report or presentation assessment is not submitted, up until the 7th day (including weekends). After the 7th day, a grade of ‘0’ will be awarded even if the assessment is submitted. The submission time for all uploaded assessments is 11:55 pm. A 1-hour grace period will be provided to students who experience a technical concern. For any late submission of time-sensitive tasks, such as scheduled tests/exams, performance assessments/presentations, and/or scheduled practical assessments/labs, please apply for Special Consideration.
Assessments where late submissions will be accepted:
- Weekly workshop tasks - NO, unless Special Consideration is granted.
- Assignment - YES, standard Late Penalty applies.
- Group project - NO, unless Special Consideration is granted.
Special Consideration
The Special Consideration Policy aims to support students who have been impacted by short-term circumstances or events that are serious, unavoidable and significantly disruptive, and which may affect their performance in assessment.
Assignment/Group Project: If you experience circumstances or events that affect your ability to complete the assessments in this unit on time, please inform the convenor and submit a Special Consideration request through ask.mq.edu.au.
Weekly workshop tasks: To pass the unit you need to demonstrate ongoing development of skills and application of knowledge in 8 out of 12 of the weekly practical classes. If you miss a weekly practical class due to a serious, unavoidable and significant disruption, contact your convenor ASAP as you may be able to attend another class that week.
If it is not possible to attend another class, you should still contact your convenor for access to class material to review in your own time.
Note that a Special Consideration should only be applied for if you miss more than four of the weekly practical classes.
Course Specific Guidelines
Your reports must be written in English. For full marks, your answers should be concise as well as accurate. Marks will be awarded for reasoning and method as well as correctness. Excessively verbose answers may be penalised.
Upload your reports as a single PDF document. Word documents are good for editing, but you should export or save the final version as a PDF. This is the format for reading.
Please state clearly on the first page of any written report, and in the comments of any program you write, who you work with. If we find that you copied work from others - people who are not on your team - it will be considered plagiarism.
If you have problems with your team member or partner please contact the convener. If you have any other problem with the assignment or the course, feel free to contact the convener.
Check regularly on iLearn for updates. This description may change if circumstances require it.
Assessment Tasks
| Name | Weighting | Hurdle | Due |
|---|---|---|---|
| Weekly workshop tasks | 10% | Yes | Weekly |
| Assignment | 20% | No | End of Week 8 |
| Group project | 40% | No | Week 12 and 13 |
| Final exam | 30% | No | During Exam Period |
Weekly workshop tasks
Assessment Type 1: Practice-based task
Indicative Time on Task 2: 0 hours
Due: Weekly
Weighting: 10%
This is a hurdle assessment task (see assessment policy for more information on hurdle assessment tasks)
Weekly workshops include either practical tasks or quizzes that need to be completed. These are hurdle tasks that will require students to complete at least 8 tasks to pass the unit. Students will have the opportunity to submit supplementary quizzes or tasks to assist to pass the hurdle.
On successful completion you will be able to:
- Describe how security is integrated into different stages of the application development life cycle and explain the importance and the underlying logic.
- Assess application software security and identify the common security issues in application development through auditing and analysing source code and other documents.
- Understand and apply security related best practices to the application development process and address the common security issues for secure application development
Assignment
Assessment Type 1: Portfolio
Indicative Time on Task 2: 30 hours
Due: End of Week 8
Weighting: 20%
In this assignment, students are required to choose an appropriate code analysis and auditing tools to evaluate the security risks in the specified applications. You should produce a report describing the analysis and auditing process with justification, the results of the identified security issues, and the proposal of possible solutions.
On successful completion you will be able to:
- Describe how security is integrated into different stages of the application development life cycle and explain the importance and the underlying logic.
- Assess application software security and identify the common security issues in application development through auditing and analysing source code and other documents.
- Understand and apply security related best practices to the application development process and address the common security issues for secure application development
- Communicate professionally in written and oral with technical and non-technical audience such as software developers/testers, business analysts, security managers, users, etc.
Group project
Assessment Type 1: Project
Indicative Time on Task 2: 45 hours
Due: Week 12 and 13
Weighting: 40%
In this task, you are required to work with other students to form a project group, and develop an application with a focus on integrating security into your software development practice. Specifically, you should take security into consideration for the different stages of the software development lifecycle. Group presentation, peer review, reports describing the development process with decision-making justifications, source code and the relevant technical documents should be included in the group final delivery.
On successful completion you will be able to:
- Describe how security is integrated into different stages of the application development life cycle and explain the importance and the underlying logic.
- Assess application software security and identify the common security issues in application development through auditing and analysing source code and other documents.
- Understand and apply security related best practices to the application development process and address the common security issues for secure application development
- Communicate professionally in written and oral with technical and non-technical audience such as software developers/testers, business analysts, security managers, users, etc.
Final exam
Assessment Type 1: Examination
Indicative Time on Task 2: 10 hours
Due: During Exam Period
Weighting: 30%
The final exam assesses students' knowledge and understanding on the importance and the process of secure applications development, as well as the security issues and techniques in secure applications development covered in the semester.
On successful completion you will be able to:
- Describe how security is integrated into different stages of the application development life cycle and explain the importance and the underlying logic.
- Assess application software security and identify the common security issues in application development through auditing and analysing source code and other documents.
- Understand and apply security related best practices to the application development process and address the common security issues for secure application development
1 If you need help with your assignment, please contact:
- the academic teaching staff in your unit for guidance in understanding or completing this type of assessment
- the Writing Centre for academic skills support.
2 Indicative time-on-task is an estimate of the time required for completion of the assessment task and is subject to individual variation
Delivery and Resources
Lectures
There are 2 hours of lectures per week, commencing in Week 1, that will cover concepts and principles, that will be used or discussed in the workshops. The lectures will be recorded, but participation is highly recommended.
Workshops
Weekly workshops begin in Week 1. The weekly workshop will include practical exercises related to application development, as well as individual and group exercises related to the security context and best practices in software engineering. The practical component will require students to use a defined set of software development tools and services, and students are expected to become familiar with their use. The individual and group exercises on context and practices will require students to present their contribution orally and/or in writing. The assessed workshop tasks will include practical, written, and well as oral presentation tasks.
Participation
The course includes assessment participatory tasks during the workshops. However, beyond this explicit assessment, we expect students to participate in workshops and lectures and be actively involved in group projects.
Communication
We will communicate with students through announcements on the iLearn page. Queries to convenors can be made via the iLearn discussion board or by email from your university email address.
Recommended Texts
The books and text that will be mainly used in the course will be announced in week 1. The course does not have a single textbook. For different topics and weeks, we will recommend texts for further study.
The projects and workshop may require students to find and study resources and texts themselves. In reports, students are expected to refer clearly to any resource or text that they are using.
The exam will only cover topics that have been explicitly covered during the workshops, earlier assessments, and during lectures.
COVID Information
For the latest information on the University’s response to COVID-19, please refer to the Coronavirus infection page on the Macquarie website: https://www.mq.edu.au/about/coronavirus-faqs. Remember to check this page regularly in case the information and requirements change during semester. If there are any changes to this unit in relation to COVID, these will be communicated via iLearn.
Unit Schedule
| Week Number | Lecture Topic Heading | Other Notes |
| 1 | Fundamentals | |
| 2 | Secure requirements | |
| 3 | Secure design | |
| 4 | Writing Secure Code | First census date (withdraw without financial penalty) |
| 5 | Code Analysis Tools | |
| 6 | Data Flow Problems + Control Flow Problems | Friday Public Holiday |
| 7 | Introduction to Web Security | Monday Public Holiday |
| 8 | Securing Web Apps | |
| MidSem1 | ||
| MidSem2 | Anzac Day Thursday Second Census date Sunday | |
| 9 | Securing Web Apps | |
| 10 | Testing and integration | |
| 11 | Secure Deployment | |
| 12 | DevSecOps | |
| 13 | Revision and questions | |
| 3 week exam period | Final paper-based exam (schedule released around week 9) |
Policies and Procedures
Macquarie University policies and procedures are accessible from Policy Central (https://policies.mq.edu.au). Students should be aware of the following policies in particular with regard to Learning and Teaching:
- Academic Appeals Policy
- Academic Integrity Policy
- Academic Progression Policy
- Assessment Policy
- Fitness to Practice Procedure
- Assessment Procedure
- Complaints Resolution Procedure for Students and Members of the Public
- Special Consideration Policy
Students seeking more policy resources can visit Student Policies (https://students.mq.edu.au/support/study/policies). It is your one-stop-shop for the key policies you need to know about throughout your undergraduate student journey.
To find other policies relating to Teaching and Learning, visit Policy Central (https://policies.mq.edu.au) and use the search tool.
Student Code of Conduct
Macquarie University students have a responsibility to be familiar with the Student Code of Conduct: https://students.mq.edu.au/admin/other-resources/student-conduct
Results
Results published on platform other than eStudent, (eg. iLearn, Coursera etc.) or released directly by your Unit Convenor, are not confirmed as they are subject to final approval by the University. Once approved, final results will be sent to your student email address and will be made available in eStudent. For more information visit ask.mq.edu.au or if you are a Global MBA student contact globalmba.support@mq.edu.au
Academic Integrity
At Macquarie, we believe academic integrity – honesty, respect, trust, responsibility, fairness and courage – is at the core of learning, teaching and research. We recognise that meeting the expectations required to complete your assessments can be challenging. So, we offer you a range of resources and services to help you reach your potential, including free online writing and maths support, academic skills development and wellbeing consultations.
Student Support
Macquarie University provides a range of support services for students. For details, visit http://students.mq.edu.au/support/
The Writing Centre
The Writing Centre provides resources to develop your English language proficiency, academic writing, and communication skills.
- Workshops
- Chat with a WriteWISE peer writing leader
- Access StudyWISE
- Upload an assignment to Studiosity
- Complete the Academic Integrity Module
The Library provides online and face to face support to help you find and use relevant information resources.
Student Services and Support
Macquarie University offers a range of Student Support Services including:
- IT Support
- Accessibility and disability support with study
- Mental health support
- Safety support to respond to bullying, harassment, sexual harassment and sexual assault
- Social support including information about finances, tenancy and legal issues
- Student Advocacy provides independent advice on MQ policies, procedures, and processes
Student Enquiries
Got a question? Ask us via AskMQ, or contact Service Connect.
IT Help
For help with University computer systems and technology, visit http://www.mq.edu.au/about_us/offices_and_units/information_technology/help/.
When using the University's IT, you must adhere to the Acceptable Use of IT Resources Policy. The policy applies to all who connect to the MQ network including students.
Changes from Previous Offering
There are no major changes to the unit operation from last offering. However, the toolchain selection may update based on new constraints by vendors or language options.
Unit information based on version 2024.02 of the Handbook