SENG406-25S2 (C) Semester Two 2025

Software Security

15 points

Details:
Start Date: Monday, 14 July 2025
End Date: Sunday, 9 November 2025
Withdrawal Dates
Last Day to withdraw from this course:
  • Without financial penalty (full fee refund): Sunday, 27 July 2025
  • Without academic penalty (including no fee refund): Sunday, 28 September 2025

Description

Building secure software is an intricate task that involves careful design of both preemptive and corrective measures. This course covers the secure development lifecycle: students will learn techniques to model security threats, follow secure coding standards and perform security-focused testing to prevent software from exposing vulnerabilities. Students will learn how to combine tools of various natures to identify threats as part of a continuous integration pipeline. The course also addresses data privacy and governance issues, including (indigenous) data sovereignty principles.

Covid-19 Update: Please refer to the course page on AKO | Learn for all information about your course, including lectures, labs, tutorials and assessments.

Learning Outcomes

1. Evaluate data privacy practices, e.g., policies, regulations (e.g., NZ Information Security Manual) and data sovereignty (e.g., Te Mana Raraunga Principles of Māori Data Sovereignty) [WA2, WA6, WA8]
2. Critically evaluate different malicious strategies and their taxonomies, e.g., OWASP Top 10, MITRE ATT&CK™ [WA1, WA2, WA10]
3. Systematically evaluate and apply software resilience engineering principles, e.g., cryptography, security risk management and reinstatement methods in order to design resilience strategies built from the literature and the current state of the practice [WA1, WA2, WA3]
4. Explain, apply and evaluate secure coding principles when creating software, e.g., defensive and offensive programming, canonicalisation, sanitisation and least privilege execution [WA2, WA4, WA10]
5. Apply, evaluate and develop software verification and validation strategies to discover security vulnerabilities, e.g., penetration, fuzz and formal testing, as well as the usage of analysis tools [WA4, WA5]

University Graduate Attributes

This course will provide students with an opportunity to develop the Graduate Attributes specified below:

Critically competent in a core academic discipline of their award

Students know and can critically evaluate and, where applicable, apply this knowledge to topics/issues within their majoring subject.

Employable, innovative and enterprising

Students will develop key skills and attributes sought by employers that can be used in a range of applications.

Prerequisites

SENG201 and ENCE260, or
approval by the Head of Department

Restrictions

COSC424

Timetable 2025

Students must attend one activity from each section.

Lecture A
Activity | Day | Time | Location | Weeks
01 | Wednesday | 14:00 - 16:00 | Rehua 103 Project Workshop | 14 Jul - 24 Aug, 8 Sep - 19 Oct

Computer Lab A
Activity | Day | Time | Location | Weeks
01 | Thursday | 16:00 - 18:00 | Jack Erskine 136 Lab 4 | 14 Jul - 24 Aug, 8 Sep - 19 Oct
02 | Wednesday | 16:00 - 18:00 | Jack Erskine 136 Lab 4 | 14 Jul - 24 Aug, 8 Sep - 19 Oct

Timetable Note

Please note that the course activity times advertised here are currently in draft form, to be finalised at the end of January for S1 and whole year courses, and at the end of June for S2 courses.

Please hold off enquiries about these times until those finalisation dates.

Course Coordinator

Fabian Gilson

Assessment

Assessment | Due Date | Percentage | Description
Vulnerabilities & Countermeasures | | 5% | Week 3 - Presentation of a vulnerability (in class)
Resilience engineering and risk management plan | | 20% | Week 4 - Develop a risk assessment plan of a company
Secure coding | | 20% | Week 7 - Enhance existing code base using secure coding practices
Security evaluation of existing software | | 25% | Week 12 - Conduct a security audit of an open source project
Final Examination | | 30% | Examination on lecture material


Textbooks / Resources

Recommended Reading

James Ransome and Anmol Misra; Core Software Security: Security at the source; Taylor & Francis Ltd, 2014 (Available at the library (e-book)).

Paul C. van Oorschot; Computer Security and the Internet; Springer, 2021 (Author's copy: https://people.scs.carleton.ca/~paulv/toolsjewels.html).

Ross Anderson; Security Engineering; 1st Edition; Wiley John + Sons, 2020 (First edition available at the EPS library).

Additional Course Outline Information

Grade moderation

The Computer Science department's grading policy states that in order to pass a course you must meet two requirements:
1. You must achieve an average grade of at least 50% over all assessment items.
2. You must achieve an average mark of at least 45% on invigilated assessment items.

If you satisfy both these criteria, your grade will be determined by the following University-wide scale for converting marks to grades: an average mark of 50% is sufficient for a C- grade, an average mark of 55% earns a C grade, 60% earns a C+ grade and so forth. However, if you do not satisfy both the passing criteria, you will be given either a D or E grade depending on marks. Marks are sometimes scaled to achieve consistency between courses from year to year.

Students may apply for special consideration if their performance in an assessment is affected by extenuating circumstances beyond their control.

Applications for special consideration should be submitted via the Examinations Office website within five days of the assessment.

Where an extension may be granted for an assessment, this will be decided by direct application to the Department and an application to the Examinations Office may not be required.

Special consideration is not available for items worth less than 10% of the course.

Students prevented by extenuating circumstances from completing the course after the final date for withdrawing may apply for special consideration for late discontinuation of the course. Applications must be submitted to the Examinations Office within five days of the end of the main examination period for the semester.

Special Consideration Applications for the Final Exam

See the CSSE Department's policy for the academic remedy of applications for special consideration for final exams.

Indicative Fees

Domestic fee $1,176.00

International fee $5,475.00

* All fees are inclusive of NZ GST or any equivalent overseas tax, and do not include any programme level discount or additional course-related expenses.

For further information see Computer Science and Software Engineering.
