Advanced Security Topics

A.Y. 2026/2027
Max ECTS: 18
Overall hours: 120
SSD: IINF-05/A INFO-01/A
Language: Italian
Learning objectives
The cluster aims to further explore applied cybersecurity aspects related to the design, development, and protection of software systems. It introduces secure software design and secure development principles across the software lifecycle, emphasising methods and practices that reduce vulnerabilities and risks from analysis and design through implementation, testing, and verification.
The cluster also addresses major security issues in web and mobile systems by analysing common vulnerability classes and corresponding mitigation strategies. Laboratory activities support the application of concepts through guided case studies and the use of analysis and verification tools in controlled and authorised environments, fostering a methodical approach to identifying weaknesses and assessing the effectiveness of mitigations.
The cluster is organised into the modules Secure Software Design, Web and Mobile Security, and Cybersecurity Laboratory, designed in a coherent and coordinated manner. The modules jointly contribute to the intended learning outcomes by integrating secure design principles, web/mobile vulnerability knowledge, and verification activities in controlled settings, with attention to essential technical documentation and activity traceability.
Expected learning outcomes
Knowledge and understanding
At the end of the cluster, the student is able to:
· recognise major vulnerability classes in web and mobile contexts and describe typical causes and impacts;
· outline key principles of secure software design and secure development across the software lifecycle, including the role of requirements and verification.
Applying knowledge and understanding
At the end of the cluster, the student is able to:
· apply secure design and secure development principles along the software lifecycle, identifying critical points and basic security requirements in guided scenarios;
· perform introductory threat-modelling activities and relate threats, vulnerabilities, and mitigations at application level;
· apply mitigation strategies (e.g., input validation, session management, access control, data protection) in a justified manner, considering the addressed scenario and constraints;
· use static/dynamic analysis and testing tools with introductory methods to identify weaknesses and verify corrections in controlled and authorised laboratory scenarios.
Making judgements
The student develops the ability to:
· prioritise findings and remediation actions by qualitatively assessing impact, likelihood, and operational constraints, making explicit limitations and trade-offs;
· assess the effectiveness and residual risk of mitigation measures based on evidence gathered in guided case studies.
Communication skills
At the end of the cluster, the student is able to:
· document results and recommendations clearly, including rationale, prioritisation, limitations, and remediation trade-offs, using appropriate technical language.
Learning skills
The student acquires the ability to:
· stay up to date on secure design and secure development practices (guidelines, standards, frameworks) and transfer them to new application contexts;
· interpret security advisories and release notes (patches/updates) to plan mitigations and validation activities, assessing impact and prioritisation;
· learn new static/dynamic analysis and application security verification tools in controlled and authorised contexts, documenting procedures and results and operating in compliance with authorisation constraints.
Single course

This course cannot be attended as a single course. Please check our list of single courses to find the ones available for enrolment.

Course syllabus and organization

Single session

Modules or teaching units
Cybersecurity Laboratory
IINF-05/A - Information Processing Systems - University credits: 6
: 10 hours
: 8 hours
: 22 hours

Secure Software Design
INFO-01/A - Informatics - University credits: 6
: 10 hours
: 8 hours
: 22 hours

Security in Web and Mobile Systems
INFO-01/A - Informatics - University credits: 6
: 10 hours
: 8 hours
: 22 hours