SENG406-22S2 (C) Semester Two 2022

Software Security

15 points

Start Date: Monday, 18 July 2022
End Date: Sunday, 13 November 2022
Withdrawal Dates
Last Day to withdraw from this course:
  • Without financial penalty (full fee refund): Sunday, 31 July 2022
  • Without academic penalty (including no fee refund): Sunday, 2 October 2022


Building secure software is an intricate task that involves careful design of both preemptive and corrective measures. This course will cover the secure development lifecycle where students will learn about techniques to model security threats, follow secure coding standards and perform security-focused testing to prevent software to expose vulnerabilities. Students will learn how to combine tools of various natures to identify threats as part of a continuous integration pipeline. The course also addresses data privacy and governance issues, including (indigenous) data sovereignty principles.

Learning Outcomes

  • Evaluate data privacy practices, e.g., policies, regulations (e.g., NZ Information Security Manual) and data sovereignty (e.g., Te Mana Raraunga Principles of Māori Data Sovereignty).
  • Understand and critically assess different malicious strategies and their taxonomies, e.g., OWASP Top 10, MITRE ATT&CK(tm).
  • Systematically evaluate and apply software resilience engineering principles, e.g., cryptography, security risk management and reinstatement methods in order to design resilience, strategies built from the literature and the current state of the practice.
  • Explain, apply and evaluate secure coding principles when creating software, e.g., defensive and offensive programming, canonisation, sanitisation and least privilege execution.
  • Apply, evaluate and develop software verification and validation strategies to discover security vulnerabilities, e.g., penetration, fuzzy and formal testing, as well as the usage of analysis tools.


SENG201 and ENCE260, or
approval by the Head of Department


Timetable 2022

Students must attend one activity from each section.

Lecture A
Activity Day Time Location Weeks
01 Monday 12:00 - 14:00 Ernest Rutherford 140
18 Jul - 28 Aug
12 Sep - 23 Oct
Computer Lab A
Activity Day Time Location Weeks
01 Tuesday 09:00 - 11:00 Jack Erskine 131 Lab 1
18 Jul - 24 Jul
8 Aug - 28 Aug
19 Sep - 9 Oct
02 Thursday 09:00 - 11:00 Jack Erskine 133 Lab 2
18 Jul - 24 Jul
8 Aug - 28 Aug
19 Sep - 9 Oct
Tutorial A
Activity Day Time Location Weeks
01 Tuesday 09:00 - 11:00 E6 Lecture Theatre
25 Jul - 7 Aug
12 Sep - 18 Sep
10 Oct - 23 Oct
02 Thursday 09:00 - 11:00 Beatrice Tinsley 112
25 Jul - 7 Aug
12 Sep - 18 Sep
10 Oct - 23 Oct

Timetable Note

Please note that the course activity times advertised here are currently in draft form, to be finalised on Monday 31 January 2022 for S1 and whole year courses, and Monday 27 June 2022 for S2 courses. Please do hold off enquiries about these times till those finalisation dates.

Course Coordinator

Fabian Gilson


Assessment Due Date Percentage  Description
Resilience engineering and risk management plan 10% Week 4 - Develop a risk assessment plan of a company
Secure coding and testing 20% Week 6 - Enhance existing code base using secure coding practices
Literature Review 20% Week 8 - Conduct a literature review on a security-related question
Security evaluation of existing software 20% Week 12 - Conduct a security audit of an open source project
Final Examination 30% Examination on lecture material

Indicative Fees

Domestic fee $1,051.00

International fee $5,000.00

* All fees are inclusive of NZ GST or any equivalent overseas tax, and do not include any programme level discount or additional course-related expenses.

For further information see Computer Science and Software Engineering .

All SENG406 Occurrences

  • SENG406-22S2 (C) Semester Two 2022