Course Purpose
The purpose of this course is to enable learners to understand and apply the principles of integrating security into the software development lifecycle. It emphasizes the importance of embedding security activities at every stage of development, from design to deployment, and equips students with the knowledge and skills to build resilient, trustworthy, and compliant systems. Through practical methodologies, tools, and frameworks, learners will gain the ability to identify risks, design secure architectures, evaluate security requirements, and implement best practices for secure coding and testing. Ultimately, the course prepares students to contribute to the creation of software that meets organizational, regulatory, and user security expectations in real-world environments.
Course Learning Outcomes
By the end of this course, the students should be able to:
CLO 1: Define key concepts of secure software development, including threats, vulnerabilities, risks, and security principles.
CLO 2: Explain the importance of integrating security into the software development lifecycle and describe relevant methodologies, frameworks, and organizational policies.
CLO 3: Apply secure coding practices, testing techniques, and DevSecOps principles to develop resilient and secure software solutions.
CLO 4: Analyze architectural risks, vulnerabilities, and security requirements in software systems using structured risk assessment approaches.
Course Content
This course explores secure software development across the entire Software Development Life Cycle (SDLC), equipping learners with both theoretical understanding and practical skills to build and maintain secure systems. It emphasizes integrating security into development processes using industry frameworks such as the NIST Secure Software Development Framework (SSDF) and DevSecOps practices. Learners gain hands-on experience in identifying vulnerabilities, applying secure coding techniques, and conducting security testing while considering organizational and regulatory requirements. The course also covers secure architecture, risk analysis, and infrastructure security to ensure systems are protected at all layers. Structured into ten progressive modules, it moves from foundational concepts of software security to advanced topics such as secure design, CI/CD security, data protection, and compliance. Overall, the course prepares students to design and manage secure software solutions in modern computing environments.