The module focuses on providing foundations of theory and practice for security-aware software development in common architectures. It involves exposing students to common software vulnerabilities and methods used in malware to exploit security (e.g., privilege escalation, memory leak, injection techniques, obfuscation and code mutation), and how to fix them across the software development lifecycle. As part of the module, students will learn reverse engineering techniques and get familiar with testing techniques and tools such as fuzzing, static analysis, and anti-debugging.
Total contact hours: 30
Private study hours: 120
Total study hours: 150
Method of assessment
2 hour written exam (50%)
2 practical assessments (2x25%)
OWASP, "Security by Design Principles", n.d., [Online].
Hoglund, G. and McGraw, G., "Exploiting Software: How to Break Code", 2004, Addison-Wesley.
Howard, M. and LeBlanc, D., "Writing Secure Code", 2002, Microsoft Press.
Chess, B. and West, J., "Secure Programming with Static Analysis", 2007, Addison-Wesley.
Eagle, C., "The IDA Pro Book", 2nd Edition, 2017, No Starch Press.
On successfully completing the module students will be able to:
1 understand programming principles and best practices to implement secure-by-design systems, i.e., software which is robust and resilient to attacks;
2 develop analytical and practical skills (e.g., testing techniques and tools) to identify and avoid security vulnerabilities (e.g., implementation errors, logic flaws, and security weaknesses) during all phases of software development;
3 understand reverse engineering methods and techniques helpful for malware analysis;
4 understand how security vulnerabilities in software can be exploited.
Credit level 6. Higher level module usually taken in Stage 3 of an undergraduate degree.
- ECTS credits are recognised throughout the EU and allow you to transfer credit easily from one university to another.
- The named convenor is the convenor for the current academic session.
University of Kent makes every effort to ensure that module information is accurate for the relevant academic session and to provide educational services as described. However, courses, services and other matters may be subject to change. Please read our full disclaimer.