ECTS Information Package / Course Catalogue
HOME INSTITUTIONAL INFORMATION
INFORMATION ON DEGREE PROGRAMMES
Information Security Technology
CERTIFICATE PROGRAMMES
    USEFUL INFORMATION, RESOURCES & SERVICES FOR STUDENTS
    USEFUL LINKS AND DOCUMENTSADITIONAL & SUPPORTING INFORMATION

    SECTION I: GENERAL INFORMATION ABOUT THE COURSE
    Course Code Course Name Year Semester Theoretical Practical Credit ECTS
    50613METOZ-BGP0042 Secure Web Software Development 1 Spring 2 1 3 3
    Course Type : Compulsory
    Cycle: Associate      TQF-HE:5. Master`s Degree      QF-EHEA:Short Cycle      EQF-LLL:5. Master`s Degree
    Language of Instruction: Turkish
    Prerequisities and Co-requisities: N/A
    Mode of Delivery: Face to face
    Name of Coordinator: Instructor BUKET DÖNMEZ
    Dersin Öğretim Eleman(lar)ı:

    Dersin Kategorisi: Programme Specific

    SECTION II: INTRODUCTION TO THE COURSE

    Course Objectives & Content

    Course Objectives: With this course, it is aimed to use the necessary structures for the prevention of weaknesses in web applications and to produce them in some cases.
    Course Content: General HTTP information and history, HTTP / 2 and its differences, security-related HTTP headers, types of vulnerabilities in web applications, passive and active information collection

    Course Specific Rules

    Fundamental Principles: Every project must be designed in accordance with security principles.
    Code Review: All code must be reviewed by at least one peer.
    Documentation: Every stage of the software must be thoroughly documented.
    Updates: Libraries and tools must be used in their latest versions.
    Testing Process: Security tests are mandatory in every development cycle.
    Responsibility: Each student is responsible for the security of their own project.

    Course Learning Outcomes (CLOs)

    Course Learning Outcomes (CLOs) are those describing the knowledge, skills and competencies that students are expected to achieve upon successful completion of the course. In this context, Course Learning Outcomes defined for this course unit are as follows:
    Knowledge (Described as Theoritical and/or Factual Knowledge.)
      1) Know the concepts of HTTP.
      2) Knows the types of vulnerabilities seen in web applications.
      3) Knows the software security vulnerabilities.
      4) Knows active and passive information gathering methods.
    Skills (Describe as Cognitive and/or Practical Skills.)
      1) Web application prevents vulnerabilities.
    Competences (Described as "Ability of the learner to apply knowledge and skills autonomously with responsibility", "Learning to learn"," Communication and social" and "Field specific" competences.)

    Weekly Course Schedule

    Week Subject
    Materials Sharing *
    Related Preparation Further Study
    1) General HTTP information and history Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
    2) HTTP/2 and its differences Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
    3) Security-related HTTP headers Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
    4) Types of vulnerabilities seen in web applications Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
    5) Types of vulnerabilities seen in web applications Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
    6) Types of vulnerabilities seen in web applications Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
    7) Types of vulnerabilities seen in web applications Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
    8) Midterm
    9) Web Software Security Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
    10) Web Software Security Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
    11) Web Application Security Components Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
    12) Web Application Security Components Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
    13) Web Application Security Components Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
    14) Passive Information Gathering Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
    15) Active Information Gathering Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and otherresources to be obtained
    16) Final Exam
    *These fields provides students with course materials for their pre- and further study before and after the course delivered.

    Recommended or Required Reading & Other Learning Resources/Tools

    Course Notes / Textbooks: Bünyamin Demir, 2020; Yazılım Güvenliği Saldırı ve Savunma, 4.Baskı, Dikeyeksen
    References: Furkan Çontar, 2016; Ağ ve Yazılım Güvenliği, Kodlab
    Enes Aslanbakan, 2016; Bilgi Güvenliği ve Uygulamalı Hacking Yöntemleri, Pusula Yayıncılık
    Erhan Saygılı, 2018; Web Uygulamalar Güvenliği Ve Hacking Yöntemleri, Dikeyeksen
    Mustafa Altınkaynak, 2017; Uygulamalı Siber Güvenlik ve Hacking, Abaküs Kitap
    CEH Eğitim Notları

    Level of Contribution of the Course to PLOs

    No Effect 1 Lowest 2 Low 3 Average 4 High 5 Highest
               
    Programme Learning Outcomes Contribution Level (from 1 to 5)
    1) Defines the corporate cyber security rules and guidelines. 2
    1) Lists the tasks and responsibilities required to identify and prevent any exploitation of hardware. 1
    1) Follow the patches of information technology systems published against known cyber security gaps. 1
    1) Experiences all processes in business life. 1
    1) Explains the basic, theoretical and practical information in the field of information security technology.
    1) Acquires competency of analyzing and solving the problems. 5
    2) Know and analyze cyber assets in terms of information security.
    2) Lists the tasks and responsibilities required to identify and prevent any abuse that may occur in software components. 5
    2) Information Security Creates procedure and control components 2
    2) Takes part in activities related to the field of education in a business operating in the field. 1
    2) Has awareness for ethical and social responsibility. 1
    2) Explains the importance of authorizing users as much as they can. 1
    3) Lists the tasks and responsibilities required to identify and prevent any abuse that may occur in local area networks. 1
    3) Experience the cyber security risk management system.
    3) Explains the necessary policies and processes for effective event management. 1
    3) Identify non-technological tools and methods against cyber attack. 5
    3) Questions the application with theoretical knowledge. 5
    3) Takes responsibility as a team member in works and operations of his/her field. 1
    4) Explains the importance of monitoring the cyber systems for the correct structuring of the powers, the realization of the realized, failed or failed cyber attacks, the timely response to the protection and the fulfillment of the legal requirements. 1
    4) Is aware of written, verbal communication and interaction. 1
    4) Applies the theoretical knowledge learned in business life for a semester.
    4) Identifies the methods and methods of technological methods against cyber attack. 1
    4) Compiles the knowledge and experience gained in the field. 5
    5) Follows the developments of advanced technology and digital transformation. 2
    5) User training and security awareness describes the importance of cyberspace. 1
    5) Acquires the competencies defined as the institutional outcomes of Beykoz University on the basic level, inline with the expectations of business world and the society.
    6) Acquires the awareness for lifelong learning. 1
    6) Recall national and international legislation and regulations related to the field of Information Security Technology. 1
    7) Defines the fundamentals of programming and algorithm information. 5
    7) Has awareness about citizenship competency. 1
    8) Evaluates the developments of his/her field with the understanding of an entrepreneur. 1
    9) Acquires communication in a Foreign Language (English) competence defined on the level of at least A2 in European Language Portfolio. (In programs whose medium of instruction is English, on the level of B1). 1

    SECTION IV: TEACHING-LEARNING & ASSESMENT-EVALUATION METHODS OF THE COURSE

    Teaching & Learning Methods of the Course

    (All teaching and learning methods used at the university are managed systematically. Upon proposals of the programme units, they are assessed by the relevant academic boards and, if found appropriate, they are included among the university list. Programmes, then, choose the appropriate methods in line with their programme design from this list. Likewise, appropriate methods to be used for the course units can be chosen among those defined for the programme.)
    Teaching and Learning Methods defined at the Programme Level
    Teaching and Learning Methods Defined for the Course
    Lectures
    Demonstration
    Laboratory
    Reading
    Homework
    Brain Storming
    Individual and Group Work
    Active Participation in Class

    Assessment & Evaluation Methods of the Course

    (All assessment and evaluation methods used at the university are managed systematically. Upon proposals of the programme units, they are assessed by the relevant academic boards and, if found appropriate, they are included among the university list. Programmes, then, choose the appropriate methods in line with their programme design from this list. Likewise, appropriate methods to be used for the course units can be chosen among those defined for the programme.)
    Aassessment and evaluation Methods defined at the Programme Level
    Assessment and Evaluation Methods defined for the Course
    Midterm
    Final Exam
    Quiz
    Homework Evaluation

    Contribution of Assesment & Evalution Activities to Final Grade of the Course

    Measurement and Evaluation Methods # of practice per semester Level of Contribution
    Quizzes 1 % 10.00
    Homework Assignments 1 % 10.00
    Midterms 1 % 30.00
    Semester Final Exam 1 % 50.00
    Total % 100
    PERCENTAGE OF SEMESTER WORK % 50
    PERCENTAGE OF FINAL WORK % 50
    Total % 100

    SECTION V: WORKLOAD & ECTS CREDITS ALLOCATED FOR THE COURSE
    WORKLOAD OF TEACHING & LEARNING ACTIVITIES
    Teaching & Learning Activities # of Activities per semester Duration (hour) Total Workload
    Course 14 2 28
    Laboratory 14 1 14
    Application 0 0 0
    Special Course Internship (Work Placement) 0 0 0
    Field Work 0 0 0
    Study Hours Out of Class 0 0 0
    Presentations / Seminar 0 0 0
    Project 0 0 0
    Homework Assignments 1 5 5
    Total Workload of Teaching & Learning Activities - - 47
    WORKLOAD OF ASSESMENT & EVALUATION ACTIVITIES
    Assesment & Evaluation Activities # of Activities per semester Duration (hour) Total Workload
    Quizzes 2 6 12
    Midterms 1 8 8
    Semester Final Exam 1 10 10
    Total Workload of Assesment & Evaluation Activities - - 30
    TOTAL WORKLOAD (Teaching & Learning + Assesment & Evaluation Activities) 77
    ECTS CREDITS OF THE COURSE (Total Workload/25.5 h) 3