Secure Software Development: Security Risks in Application Development

Introduction

The scenario is designed to prompt students to explore the security risks in rapid application development, methods of mitigating the risks, threats to particular software apps and secure registration.

Students are provided with a development scenario and are required to produce a report to address 2 tasks.

On successful completion of the scenario, students will be able to:

  1. Explain the differences between RAD and SDLC.
  2. Articulate the key risks involved in rapid development life cycles, and prescribe methods for mitigating them.
  3. Justify an approach for integrating security audit into the development of software apps and the tasks that will be undertaken by the security team.
  4. Undertake a threat analysis against a mobile software app, and identify controls that would mitigate the threats.
  5. Identify a way in which the customer can securely register their mobile device with the service to mitigate the threat of malware and social engineering.
  6. Explain good practice in securing software and have an awareness of relevant standards and codes of practice.

This page provides the resources for students to be able to complete the scenario as members of a small team facilitated by a tutor. The resources consist of an introductory video together with documents detailing the PBL problem statement, tasks and links to other materials that learners are expected to use to complete the tasks.

A facilitator guide and CSKE Guide to PBL provide additional information for tutors. The materials are modular, and the source is available so that they can be customized to other contexts, for example as part of an online course.




Once you have logged in or registered, you can access the full PBL documentation, including:

  • The CSKE PBL Learning Guide,
  • An Interactive Scenario Guide,
  • The Scenario and Learning Resources, and
  • Links to additional resources.