Skip to content

This textbook is in beta – content is actively being refined. Report issues or suggestions

Year 12 — Secure Software Architecture

This module teaches students to build secure software systems from the ground up, integrating security principles throughout the software development lifecycle. Through practical Python examples, students learn to identify vulnerabilities, implement security controls, and create systems that protect user data and maintain system integrity.

Module Overview

Security is not an afterthought—it’s a fundamental requirement of modern software systems. This module teaches security-by-design principles, showing students how to build applications that are secure from the start, protect user privacy, and resist common attacks.

Key focus areas:

  • Security foundations and threat modeling

  • Core security principles and cryptography

  • Input validation and data protection

  • Secure system design and API security

  • Security testing and vulnerability management

Learning Outcomes

Students will develop the ability to:

  • Integrate security into software design and development processes (SE-12-01)

  • Apply core security principles including confidentiality, integrity, and availability (SE-12-07)

  • Implement secure systems with proper authentication, authorization, and data protection (SE-12-03, SE-12-04)

  • Test and evaluate security through systematic assessment and vulnerability management (SE-12-06)

  • Consider security ethics and legal implications in software development (SE-12-05)

Chapters

Chapter 14: Security Foundations

Business case for security, integrating security into SDLC, threat modeling, and user-centered security design that balances protection with usability.

Chapter 15: Core Security Principles

CIA triad (confidentiality, integrity, availability), AAA framework (authentication, authorization, accountability), cryptography fundamentals, and secure data protection techniques.

Chapter 16: Input Security and Data Protection

Input validation and sanitization, preventing injection attacks, privacy-by-design principles, and compliance with data protection regulations.

Chapter 17: System Security and APIs

Secure API design with authentication methods, secure execution and resource management, session handling, and protection against common system-level attacks.

Chapter 18: Security Testing and Vulnerabilities

Security testing fundamentals, vulnerability assessment, web application security, and systematic approaches to finding and fixing security weaknesses.

Chapter 19: Security in Context

Security in development teams, enterprise security benefits, ethical and legal considerations, and evaluating security program effectiveness.

Implementation Philosophy

This module emphasizes security-by-design thinking:

  • Python-only examples showing vulnerabilities and secure implementations

  • Progressive security integration from design to deployment

  • Practical focus on OWASP Top 10 and real-world attack patterns

  • Balance between security, usability, and performance

  • Ethical considerations and responsible security practices

Prerequisites

  • Solid Python programming skills

  • Understanding of web development concepts

  • Basic knowledge of software development processes

Getting Started

  1. Begin with Chapter 14 to understand security’s business value and design integration

  2. Progress through Chapters 15-17 to master security principles and implementation

  3. Complete with Chapters 18-19 to learn testing and broader security implications

The module builds comprehensive security skills from foundational concepts to enterprise-level security management.