Students

COMP3310 – Secure Applications Development

2023 – Session 1, In person-scheduled-weekday, North Ryde

General Information

Download as PDF
Unit convenor and teaching staff Unit convenor and teaching staff Convenor and Lecturer
Natasha Fernandes
By Appointment (via email)
Lecturer
Ansgar Fehnker
By Appointment (via email)
Credit points Credit points
10
Prerequisites Prerequisites
130cp at 1000 level or above including COMP1010 and COMP1300 and (COMP2050 or COMP2110)
Corequisites Corequisites
Co-badged status Co-badged status
Unit description Unit description

This unit provides an introduction to the security consideration in application software development process in order to build secure applications. First, it introduces the basic concepts like software security risk and focuses on how to integrate security into different stages of application software development process, from requirement engineering and design, to code implementation and testing, to deployment and maintenance. Then, a range of typical implementation-level issues are discussed and the corresponding techniques and best practices are introduced, including topics like software auditing, buffer overflows, access control, password authentication, race conditions, input validation, database security, and client-side security, etc.

Important Academic Dates

Information about important academic dates including deadlines for withdrawing from units are available at https://www.mq.edu.au/study/calendar-of-dates

Learning Outcomes

On successful completion of this unit, you will be able to:

  • ULO1: Describe how security is integrated into different stages of the application development life cycle and explain the importance and the underlying logic.
  • ULO2: Assess application software security and identify the common security issues in application development through auditing and analysing source code and other documents.
  • ULO3: Understand and apply security related best practices to the application development process and address the common security issues for secure application development
  • ULO4: Communicate professionally in written and oral with technical and non-technical audience such as software developers/testers, business analysts, security managers, users, etc.

General Assessment Information

Requirements to Pass this Unit

To pass this unit you must:

  • Achieve a total mark equal to or greater than 50%, and
  • Participate in the hurdle activities for a minimum of 8 of the 12 weekly workshops

Hurdle Assessments

Weekly workshop tasks (10%)

Development of knowledge and skills requires continual practice at authentic problems in a laboratory-based setting. This unit has weekly laboratory classes and you must demonstrate your progress in developing knowledge and skills in a minimum of 8 of the 12 classes. This is a hurdle assessment meaning that failure to meet this requirement may result in a fail grade for the unit. Students are permitted up to four absences: additional absences will require a Special Consideration to be applied for (see below).   

General Faculty Policy on Assessment Submission: 

Online quizzes, in-class activities, or scheduled tests and exam must be undertaken at the time indicated in the unit guide. Should these activities be missed due to illness or misadventure, students may apply for Special Consideration.

All other assessments must be submitted by 11:55 pm on their due date.

Unless a Special Consideration request has been submitted and approved, a 5% penalty (of the total possible mark of the task) will be applied for each day a written report or presentation assessment is not submitted, up until the 7th day (including weekends). After the 7th day, a grade of ‘0’ will be awarded even if the assessment is submitted. The submission time for all uploaded assessments is 11:55 pm. A 1-hour grace period will be provided to students who experience a technical concern.  For any late submission of time-sensitive tasks, such as scheduled tests/exams, performance assessments/presentations, and/or scheduled practical assessments/labs, please apply for Special Consideration

Special Consideration

The Special Consideration Policy aims to support students who have been impacted by short-term circumstances or events that are serious, unavoidable and significantly disruptive, and which may affect their performance in assessment. 

Assignment/Group Project: If you experience circumstances or events that affect your ability to complete the assessments in this unit on time, please inform the convenor and submit a Special Consideration request through ask.mq.edu.au.

Weekly workshop tasks: To pass the unit you need to demonstrate ongoing development of skills and application of knowledge in 8 out of 12 of the weekly practical classes. If you miss a weekly practical class due to a serious, unavoidable and significant disruption, contact your convenor ASAP as you may be able to attend another class that week. 

If it is not possible to attend another class, you should still contact your convenor for access to class material to review in your own time. 

Note that a Special Consideration should only be applied for if you miss more than four of the weekly practical classes.   

Course Specific Guidelines

Your reports must be written in English. For full marks, your answers should be concise as well as accurate. Marks will be awarded for reasoning and method as well as correctness. Excessively verbose answers may be penalised.

Upload your reports as a single PDF document. Word documents are good for editing, but you should export or save the final version as a PDF. This is the format for reading.

Please state clearly on the first page of any written report, and in the comments of any program you write, who you work with. If we find that you copied work from others - people who are not on your team - it will be considered plagiarism.

If you have problems with your team member or partner please contact the convener. If you have any other problem with the assignment or the course, feel free to contact the convener.

Check regularly on iLearn for updates. This description may change if circumstances require it.

 

Assessment Tasks

Name Weighting Hurdle Due
Group project 40% No Week 13
Weekly workshop tasks 10% Yes Weekly
Final exam 30% No Exam period
Assignment 20% No First week of mid-semester break

Group project

Assessment Type 1: Project
Indicative Time on Task 2: 45 hours
Due: Week 13
Weighting: 40%

 

In this task, you are required to work with other students to form a project group, and develop an application with a focus on integrating security into your software development practice. Specifically, you should take security into consideration for the different stages of the software development lifecycle. Group presentation, peer review, reports describing the development process with decision-making justifications, source code and the relevant technical documents should be included in the group final delivery.

 


On successful completion you will be able to:
  • Describe how security is integrated into different stages of the application development life cycle and explain the importance and the underlying logic.
  • Assess application software security and identify the common security issues in application development through auditing and analysing source code and other documents.
  • Understand and apply security related best practices to the application development process and address the common security issues for secure application development
  • Communicate professionally in written and oral with technical and non-technical audience such as software developers/testers, business analysts, security managers, users, etc.

Weekly workshop tasks

Assessment Type 1: Practice-based task
Indicative Time on Task 2: 0 hours
Due: Weekly
Weighting: 10%
This is a hurdle assessment task (see assessment policy for more information on hurdle assessment tasks)

 

Each week there will be a small practical task or short quiz as part of the workshop that should be attempted seriously within the workshop. The tutor will review your work in class. Each week is worth 1 mark, up to a maximum of 10 for the whole session. This is a hurdle task, and you must complete at least 8 out of 12 weekly tasks to pass the unit.

 


On successful completion you will be able to:
  • Describe how security is integrated into different stages of the application development life cycle and explain the importance and the underlying logic.
  • Assess application software security and identify the common security issues in application development through auditing and analysing source code and other documents.
  • Understand and apply security related best practices to the application development process and address the common security issues for secure application development

Final exam

Assessment Type 1: Examination
Indicative Time on Task 2: 10 hours
Due: Exam period
Weighting: 30%

 

The final exam assesses students' knowledge and understanding on the importance and the process of secure applications development, as well as the security issues and techniques in secure applications development covered in the semester.

 


On successful completion you will be able to:
  • Describe how security is integrated into different stages of the application development life cycle and explain the importance and the underlying logic.
  • Assess application software security and identify the common security issues in application development through auditing and analysing source code and other documents.
  • Understand and apply security related best practices to the application development process and address the common security issues for secure application development

Assignment

Assessment Type 1: Portfolio
Indicative Time on Task 2: 30 hours
Due: First week of mid-semester break
Weighting: 20%

 

In this assignment, students are required to choose an appropriate code analysis and auditing tools to evaluate the security risks in the specified applications. You should produce a report describing the analysis and auditing process with justification, the results of the identified security issues, and the proposal of possible solutions.

 


On successful completion you will be able to:
  • Describe how security is integrated into different stages of the application development life cycle and explain the importance and the underlying logic.
  • Assess application software security and identify the common security issues in application development through auditing and analysing source code and other documents.
  • Understand and apply security related best practices to the application development process and address the common security issues for secure application development
  • Communicate professionally in written and oral with technical and non-technical audience such as software developers/testers, business analysts, security managers, users, etc.

1 If you need help with your assignment, please contact:

  • the academic teaching staff in your unit for guidance in understanding or completing this type of assessment
  • the Writing Centre for academic skills support.

2 Indicative time-on-task is an estimate of the time required for completion of the assessment task and is subject to individual variation

Delivery and Resources

Lectures

There are 2 hours of lectures per week, that will cover concepts and principles, that will be used or discussed in the workshops. The lectures will be recorded, but participation is highly recommended.

Workshops

Weekly workshops begin in Week 1. The weekly workshop will include practical exercises related to application development, as well as individual and group exercises related to the security context and best practices in software engineering. The practical component will require students to use a defined set of software development tools and services, and students are expected to become familiar with their use.  The individual and group exercises on context and practices will require students to present their contribution orally and/or in writing. The assessed workshop tasks will include practical, written, and well as oral presentation tasks.

Participation

The course includes assessment participatory tasks during the workshops. However, beyond this explicit assessment, we expect students to participate in workshops and lectures and be actively involved in group projects. 

Communication

We will communicate with students through announcements on the iLearn page. Queries to convenors can be made via the iLearn discussion board or by email from your university email address.

Recommended Texts

The books and text that will be mainly used in the course will be announced in week 1. The course does not have a single textbook. For different topics and weeks, we will recommend texts for further study. 

The projects and workshop may require students to find and study resources and texts themselves. In reports, students are expected to refer clearly to any resource or text that they are using.

The exam will only cover topics that have been explicitly covered during the workshops, earlier assessments, and during lectures.

COVID Information

For the latest information on the University’s response to COVID-19, please refer to the Coronavirus infection page on the Macquarie website: https://www.mq.edu.au/about/coronavirus-faqs. Remember to check this page regularly in case the information and requirements change during semester. If there are any changes to this unit in relation to COVID, these will be communicated via iLearn.

 

Policies and Procedures

Macquarie University policies and procedures are accessible from Policy Central (https://policies.mq.edu.au). Students should be aware of the following policies in particular with regard to Learning and Teaching:

Students seeking more policy resources can visit Student Policies (https://students.mq.edu.au/support/study/policies). It is your one-stop-shop for the key policies you need to know about throughout your undergraduate student journey.

To find other policies relating to Teaching and Learning, visit Policy Central (https://policies.mq.edu.au) and use the search tool.

Student Code of Conduct

Macquarie University students have a responsibility to be familiar with the Student Code of Conduct: https://students.mq.edu.au/admin/other-resources/student-conduct

Results

Results published on platform other than eStudent, (eg. iLearn, Coursera etc.) or released directly by your Unit Convenor, are not confirmed as they are subject to final approval by the University. Once approved, final results will be sent to your student email address and will be made available in eStudent. For more information visit ask.mq.edu.au or if you are a Global MBA student contact globalmba.support@mq.edu.au

Academic Integrity

At Macquarie, we believe academic integrity – honesty, respect, trust, responsibility, fairness and courage – is at the core of learning, teaching and research. We recognise that meeting the expectations required to complete your assessments can be challenging. So, we offer you a range of resources and services to help you reach your potential, including free online writing and maths support, academic skills development and wellbeing consultations.

Student Support

Macquarie University provides a range of support services for students. For details, visit http://students.mq.edu.au/support/

The Writing Centre

The Writing Centre provides resources to develop your English language proficiency, academic writing, and communication skills.

The Library provides online and face to face support to help you find and use relevant information resources. 

Student Services and Support

Macquarie University offers a range of Student Support Services including:

Student Enquiries

Got a question? Ask us via AskMQ, or contact Service Connect.

IT Help

For help with University computer systems and technology, visit http://www.mq.edu.au/about_us/offices_and_units/information_technology/help/

When using the University's IT, you must adhere to the Acceptable Use of IT Resources Policy. The policy applies to all who connect to the MQ network including students.

Changes from Previous Offering

There are no major changes to the unit operation from last offering.


Unit information based on version 2023.03 of the Handbook