1. Demonstrate knowledge and critical understanding of secure software application development concepts and principles relating to software security failure.

Knowledge & Understanding

2. Evaluate critically security enhanced programming approaches and their application to ensure secure application development.

Analysis

Problem Solving

3. Apply and reflect on the success of the use of secure software development concepts, principles and systems development methodologies in the development of secure solutions.

Learning

Application

Reflection

Design Documentation 50%

An application design document with supporting documentation discussing the security vulnerabilities within the requirements of the application and the approaches to resolve the vulnerabilities. (Learning Outcomes 1, 2)



Demonstration and Discussion 50%

A demonstration and discussion of the security vulnerabilities of an application and technical solutions to resolve the issues (Learning Outcomes 3)



Assessing aspects of the following CSTP KSBs:

K6: Algorithm and program design, concepts, compilers and logic. Programming languages

S6: Write, test, debug programs in high- and low-level languages and scripts

K7: Algorithms, complexity and discrete maths

S7: Design, implement and analyse algorithms

K8: How software interacts with the hardware and real-world environment and security issues

S8: Construct software to interact with the real world and analyse for security exploits
K10: Defensive programming, malware resistance, code analysis, formal methods, good practice

S10: Apply secure programming principles and design patterns to address security issues

K11: System development principles, tools, approaches, complexity, software engineering

S11: Apply system engineering and software development methodologies and models

K18: Security components: how they are used for security / business benefit. Crypto & key management

S18: Configure and use security technology components and key management

K19: How to compose a justified security case

S19: Design & evaluate a system to a security case

K20: Understand security assurance, how to achieve it and how to apply security principles

S20: Architect, analyse & justify a secure system

B2: Makes concise, engaging and well-structured verbal presentations, arguments and explanations

B8: Analytical and critical thinking skills for Technology Solutions development and can systematically analyse and apply structured problem-solving techniques to complex systems and situations

B10: Can conduct effective research, using literature and other media

B11: Logical thinking and creative approach to problem solving

B12: Able to demonstrate a ‘security mind-set’ (how to break as well as make)

B15: A thorough approach to work in the cyber security role

Security and the Software Development Life Cycle

Secure Software Supply Chain

Secure Development Environments

Complier features

Securing your Source Code

Secure Programming

Defensive Programming (resisting malware)

Secrets in Code and Artifacts

Modelling a secure application

Risk Assessment and Threat modelling

Data confidentiality, integrity and availability

Patterns and Anti-Patterns

Cryptography

Trusting inputs

Handling failure

Web Security

Testing

This module will support the development and assessment of the following KSBs from the CSTP Apprenticeship Standard:

K6: Algorithm and program design, concepts, compilers and logic. Programming languages

S6: Write, test, debug programs in high- and low-level languages and scripts

K7: Algorithms, complexity and discrete maths

S7: Design, implement and analyse algorithms

K8: How software interacts with the hardware and real-world environment and security issues

S8: Construct software to interact with the real world and analyse for security exploits

K10: Defensive programming, malware resistance, code analysis, formal methods, good practice

S10: Apply secure programming principles and design patterns to address security issues

K11: System development principles, tools, approaches, complexity, software engineering

S11: Apply system engineering and software development methodologies and models

K18: Security components: how they are used for security / business benefit. Crypto & key management

S18: Configure and use security technology components and key management

K19: How to compose a justified security case

S19: Design & evaluate a system to a security case

K20: Understand security assurance, how to achieve it and how to apply security principles

S20: Architect, analyse & justify a secure system

B2: Makes concise, engaging and well-structured verbal presentations, arguments and explanations

B8: Analytical and critical thinking skills for Technology Solutions development and can systematically analyse and apply structured problem-solving techniques to complex systems and situations

B10: Can conduct effective research, using literature and other media

B11: Logical thinking and creative approach to problem solving

B12: Able to demonstrate a ‘security mind-set’ (how to break as well as make)

B15: A thorough approach to work in the cyber security role



Learning within this module maps to the following Fundamental British Values:¿¿

Democracy



Learning within this module maps to the following principles of Safeguarding & Prevent:¿

Promoting safe environments



Learning within this module maps to the following principles of Equality, Diversity & Inclusion:¿

Bias prevention in security

Equal opportunities

Challenging discrimination

You will examine how security can be compromised throughout the software development process—from insecure code to vulnerable development environments. You’ll learn how to design and build secure applications by identifying and addressing common vulnerabilities, including legacy or weak code. Topics include secure development practices, risk assessment, threat modelling, cryptography, secure coding patterns, managing secrets, input validation, failure handling, and web security. You’ll also explore the secure software supply chain, development environments, and methods for testing and maintaining data confidentiality, integrity, and availability.

This module will be delivered in a blended learning mode consisting of face-to-face, online and guided learning sessions.

Teaching sessions will blend theory and practical learning, and most importantly where possible will seek to be contextualised in your workplace as part of your apprenticeship. You will be introduced to curriculum concepts and ideas and will then be able to apply theory to practical examples. In addition, students will be provided with a range of resources for independent study such as case studies, academic papers and industry case studies. There will be a mixture of practical and theoretical formative (mock or practice) exercises which will help you build knowledge and confidence in preparation for summative (formal) assessment.

The delivery will be delivered as follows:

Module Launch week: 12 hours.
There will be a module launch week with up to 12 hours of face to face contact time devoted to developing your understanding of the core purpose and assessment of the module. You will be presented with details of how the learning will be structured and how to access to the learning materials for the remainder of the module.

Structured Learning Sessions: 15 hours
Following the module launch week you will have a further 15 hours of attendance-based contact time as a class with the module team. This will typically be as 10 x 1.5-hour online classes. Classes which will be a combination of activities including lectures, demonstrations, discussions, tutorials and seminars. Some sessions maybe in flipped classroom style, where you will be expected to watch online recordings, read materials or respond to practical activities in preparation for active engagement with problem solving in the online session.

1:1 Progress Checks: 1 hour
As a Blended Learner understanding your progress can be a challenge so you are allocated an hour of 1:1 time with your tutor (typically 3 x 20-minute meetings). Some of these may be in small groups if appropriate. These sessions may be used to discuss key topics, troubleshoot solutions, review working drafts etc.

Assignment Development: Time 30 hours

A typical assignment will take you a minimum 30 hours to complete.

This module includes 58 off-the-job (OTJ) training hours as standard, covering new learning funded by the apprenticeship levy. A total 200 nominal learning hours has been attributed to this module, incorporating OTJ training alongside broader academic development beyond levy-funded new learning.

Olmsted, A. (2024) Security-Driven Software Development: Learn to Analyze and Mitigate Risks in Your Software Projects. 1st edn. Birmingham: Packt Publishing, Limited.

Bulmash, G. & Segura, T. (2024) Crafting Secure Software: An engineering leader’s guide to security by design. Packt Publishing.

McGraw, G. (2023) Software Security: Building Security In. Addison-Wesley Professional.

Hyrynsalmi, S., Leppänen, M. & Smite, D. (2023) Modern Software Engineering Practices: Principles and Patterns for Developing Scalable and Maintainable Systems. Springer.

Kersten, M. (2023) Project to Product: How Value Stream Management Will Transform Your Digital Product Strategy. IT Revolution Press.

Sawano, D., Bergh Johnsson, D. and Deogun, D. (2019) Secure by Design. 1st edn. New York: Manning Publications Co. LLC.

Bulmash, G. and Segura, T. (2024) Crafting Secure Software: An engineering leader’s guide to security by design. Packt Publishing.

Kohnfelder, L. (2021) Designing Secure Software. No Starch Press.

Farley, D. (2021), Modern Software Engineering: Doing What Works to Build Better Software Faster, Addison-Wesley Professional; 1st edition¿

Wiegers, K. (2021), Software Development Pearls: Lessons from Fifty Years of Software Experience, Addison-Wesley Professional; 1st edition

Woods, A. (2021), Rules for Software Development: A Book About Professionalism, Andrew Woods

Fundamental Practices for Secure Software Development Essential Elements of a Secure Development Lifecycle Program Third Edition March 2018 SAFECode_Fundamental_Practices_for_Secure_Software_Development_March_2018.pdf