
Lec Week 1 and 2

This document discusses key concepts in secure software development including secure software, the CIA triad of confidentiality, integrity and availability, common system vulnerabilities, and mitigation strategies. It also covers software project cost estimation and quality assurance.

Uploaded by

shakeel jaan

Introduction to Secure Software Concepts

What is Secure Software?

● Secure software is designed and developed to resist unauthorized access, modification,
disclosure, or denial of service.
● It aims to protect the confidentiality, integrity, and availability of data and system resources.

The CIA Triad

● The CIA triad is a fundamental security model that represents the three core objectives of
information security:
○ Confidentiality: Ensures that information is only accessible to authorized individuals.
○ Integrity: Guarantees that information is accurate and unaltered.
○ Availability: Ensures that information and system resources are accessible to authorized
users when needed.

Common System Issues in Software Security

● Vulnerabilities: Weaknesses or flaws in software code that can be exploited by attackers.
● Injection attacks: Malicious code injected into user input to gain unauthorized access or
control.
● Cross-site scripting (XSS): Attackers inject malicious scripts into a website to steal user
data or redirect users to malicious websites.
● Buffer overflows: Writing data beyond the allocated memory buffer, potentially allowing
attackers to execute arbitrary code.
● Broken authentication: Weak or compromised authentication mechanisms allowing
unauthorized users to access systems.

Mitigating System Issues in Software Security

● Secure coding practices: Implement secure coding techniques to avoid common
vulnerabilities.
● Input validation: Sanitize and validate all user input to prevent malicious code injection.
● Least privilege: Grant users the minimum permissions required to perform their tasks.
● Regular security testing: Conduct regular penetration testing and vulnerability assessments
to identify and address potential security issues.
● Secure coding standards: Adhere to established secure coding standards and guidelines.
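
An added example, not part of the original lecture notes: the injection issue and the input-validation mitigation listed above, shown as a vulnerable database lookup beside a hardened one. The `users` table, the function names and the username format are assumptions made for illustration, and the sample data is constructed.

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")  # assumed username format

def make_db():
    # Constructed sample data: an in-memory table with two accounts.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def lookup_vulnerable(db, name):
    # Input is pasted into the SQL text, so a quote character in `name`
    # changes the structure of the query itself.
    sql = "SELECT name, role FROM users WHERE name = '%s' ORDER BY name" % name
    return db.execute(sql).fetchall()

def validate_username(name):
    # Allow-list validation: accept only the expected format, reject the rest.
    if not isinstance(name, str) or not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid username")
    return name

def lookup_bound(db, name):
    # Bound parameter: the driver sends `name` as data, never as SQL.
    sql = "SELECT name, role FROM users WHERE name = ? ORDER BY name"
    return db.execute(sql, (name,)).fetchall()

def lookup_safe(db, name):
    # Defence in depth: validate first, then bind.
    return lookup_bound(db, validate_username(name))

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing a quote
    print("vulnerable:", lookup_vulnerable(db, crafted))
    print("bound only:", lookup_bound(db, crafted))
    try:
        lookup_safe(db, crafted)
    except ValueError as exc:
        print("validated :", exc)
    print("legitimate:", lookup_safe(db, "alice"))
```

The concatenated query returns every row for the crafted input, the bound query returns none, and the validated path rejects the input before it reaches the database.
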
Conclusion

● Secure software development is crucial in today's world, where cyber threats are constantly
evolving.
● By understanding the fundamental concepts of secure software and the common system
issues that can compromise security, we can develop software that is more reliable and
trustworthy.

Software Project Costing


Understanding and planning for financial resources

Software development projects involve a multitude of financial considerations. Accurately
estimating these costs is critical for effective planning, budgeting, and ultimately, project
success. This lecture will delve into the key factors involved in software project costing,
exploring strategies for developing realistic estimates.

Components of Software Project Cost


Breaking down the financial landscape
● Personnel: Salaries, benefits, and other expenses associated with project team members,
including developers, testers, and project managers.
● Hardware: Cost of acquiring or leasing hardware resources like servers, workstations, and
network equipment.
● Software: Cost of licenses for development tools, operating systems, and other software
used in the project.
● Other costs: Expenses related to training, documentation, travel, and other miscellaneous
project needs.
● Risk mitigation: Costs associated with activities to avoid, reduce, or transfer project risks,
such as insurance or implementing redundant systems.

Personnel costs typically form a significant portion of the overall project budget. Hardware,
software, and other costs vary depending on the project's specific needs and chosen
technologies. It's essential to consider risk mitigation costs as well, as they can help prevent
potential cost escalations due to unforeseen issues.

Estimating Software Project Costs


Quantifying the financial investment

● Function Point Analysis (FPA): Estimates cost based on the functionality delivered,
focusing on user requirements.
● Expert Judgment: Leveraging the experience and knowledge of domain experts to estimate
project costs based on historical data or similar projects.
● Bottom-Up Estimating: Breaking down the project into smaller tasks, estimating individual
costs, and then summing them up for a total project cost estimate.
● Top-Down Estimating: Estimating the overall project cost based on historical data, industry
benchmarks, or similar projects, and then allocating portions to specific project components.

There are various established methods for estimating software project costs. Choosing the most
suitable approach depends on the project's characteristics, available data, and desired level of
accuracy. Combining multiple estimation techniques can sometimes enhance the reliability of
the cost estimates.

Introduction to Software Quality Assurance (QA)


Ensuring software excellence

● Software quality assurance (QA) is a process of systematically ensuring the developed
software meets the specified requirements and adheres to established quality standards.
● QA activities include:
○ Defining quality criteria: Establishing clear and measurable criteria for software quality.
○ Testing: Performing comprehensive test cases to identify defects and ensure software
functionality meets requirements.
○ Reporting and defect tracking: Reporting identified defects and tracking their resolution
throughout the development process.

Software QA plays a vital role in guaranteeing that the developed software is reliable, functional,
and meets user expectations. QA activities help identify and address issues early in the
development process, preventing costly rework and ensuring timely delivery of high-quality
software.

Security Concepts in the Software Development Life Cycle (SDLC)

Building secure software from the ground up

● The Secure Development Lifecycle (SDLC) integrates security considerations into all phases
of software development, fostering a proactive approach to security.
● Key security concepts in the SDLC include:
○ Threat modeling: Identifying potential threats and vulnerabilities early in the development
process.
○ Secure coding practices: Implementing coding practices that minimize the risk of
security vulnerabilities.
○ Security testing: Performing vulnerability assessments and penetration testing to identify
and address security weaknesses.
○ Incident response: Establishing processes for identifying, responding to, and recovering
from security incidents.

By proactively integrating security considerations throughout the SDLC, we can build software
that is more resistant to attacks and better protects sensitive data. This comprehensive
approach helps mitigate

| SDLC Model | Description | Advantages | Disadvantages |
|---|---|---|---|
| Waterfall Model | Sequential approach with distinct phases: Requirements, Design, Implementation, Testing, Deployment, Maintenance | Clear and well-structured process | Lack of flexibility for changes, difficult to accommodate customer feedback late in the process |
| Iterative Model | Incremental approach with cycles of development and testing, allowing for feedback and adjustments | Allows for early delivery of partial solutions | Requires frequent iterations and may result in scope creep |
| Spiral Model | Iterative model with emphasis on risk management, involving repeated cycles of planning, risk analysis, engineering, and evaluation | Allows for extensive risk management and mitigation | Complex and time-consuming, may be costly for small projects |
| V-Model | Sequential approach similar to Waterfall, but with corresponding testing phase for each development phase | Strong emphasis on testing throughout the development lifecycle | Rigid structure, difficult to accommodate changes late in the process |

Understanding System Properties

We will explore the concept of system properties, which are essential characteristics that define
the behavior and functionality of a software system. Understanding these properties is crucial
for designing, developing, and maintaining reliable and efficient software.

What are System Properties?

● System properties are characteristics that describe the overall behavior of a software system.
● They encompass various aspects, including:
○ Performance: How well the system executes tasks in terms of speed, responsiveness,
and resource utilization.
○ Reliability: The ability of the system to deliver consistent and accurate results under
various conditions.
○ Security: The ability of the system to protect itself from unauthorized access, modification,
disclosure, or denial of service.
○ Maintainability: The ease with which the system can be modified, repaired, and adapted
to changing requirements.
○ Scalability: The ability of the system to handle increasing workloads or adapt to changing
environments.

Imagine a computer network. We expect it to be performant by delivering information quickly,
reliable by providing consistent and accurate data, and secure by safeguarding sensitive
information. These are just a few examples of system properties that are crucial for a
well-functioning system.

Importance of System Properties


● System properties are critical for the success of any software project.
● They impact various aspects, including:
○ User experience: Users expect systems to be responsive and reliable, impacting their
overall satisfaction.
○ Business value: Reliable and secure systems can help businesses operate efficiently and
protect sensitive data.
○ Development effort: Designing for specific properties can affect the development process
and resource allocation.

System properties are not just technical considerations; they directly impact the user
experience, business value, and development effort. By prioritizing and meeting these
properties, we can develop software that is not only functional but also meets the needs of
users and stakeholders.

Balancing System Properties


● Balancing different system properties can be challenging.
● For example, improving performance might require sacrificing some security measures.
● It's crucial to understand trade-offs and make informed decisions based on specific project
requirements and priorities.

There's often a trade-off between different system properties. As we enhance one aspect, like
performance, we might need to adjust another, like security. It's important to find the right
balance based on the specific needs of the project. This requires careful analysis,
communication, and collaboration among stakeholders to ensure the developed software meets
its intended purpose while maintaining a reasonable level of other essential properties.

Software Project Time Management


● Effective time management is essential for successful software project execution.
● Key aspects include:
○ Scope definition: Clearly defining the project's features and functionality to avoid scope
creep and unexpected delays.
○ Work breakdown structure (WBS): Breaking down the project into smaller, manageable
tasks to improve planning and estimation.
○ Time estimation: Accurately estimating the time required for each task to create a
realistic project timeline.
○ Scheduling: Creating a schedule for task completion, considering dependencies and
resource availability.
○ Monitoring and tracking: Regularly monitoring progress and tracking deviations from the
schedule to identify potential issues and take corrective actions.

Time management is crucial for delivering software projects on time and within budget. By
following an organized approach with proper planning, scheduling, and monitoring, project
teams can ensure efficient use of resources and timely completion of project deliverables.

Conclusion
● Understanding system properties is essential for building reliable, efficient, and secure
software.
● Effective time management ensures project success by maximizing resource utilization and
delivering projects on time and within budget.
