
SECTION I: GENERAL INFORMATION ABOUT THE COURSE

Course Code Course Name Year Semester Theoretical Practical Credit ECTS
50613METOZ-BGP0042 Secure Web Software Development 1 Spring 2 1 3 3
Course Type : Compulsory
Cycle: Associate      TQF-HE: 5. Master's Degree      QF-EHEA: Short Cycle      EQF-LLL: 5. Master's Degree
Language of Instruction: Turkish
Prerequisites and Co-requisites: N/A
Mode of Delivery: Face to face
Name of Coordinator: Instructor MURAT DEMİRCİ
Course Instructor(s): Instructor MURAT DEMİRCİ
Course Category: Programme Specific

SECTION II: INTRODUCTION TO THE COURSE

Course Objectives & Content

Course Objectives: This course aims to teach students to use the structures needed to prevent weaknesses in web applications and, in some cases, to produce those structures themselves.
Course Content: General HTTP information and history, HTTP/2 and its differences, security-related HTTP headers, types of vulnerabilities in web applications, passive and active information gathering.

Course Learning Outcomes (CLOs)

Course Learning Outcomes (CLOs) are those describing the knowledge, skills and competencies that students are expected to achieve upon successful completion of the course. In this context, Course Learning Outcomes defined for this course unit are as follows:
Knowledge (Described as Theoretical and/or Factual Knowledge.)
  1) Knows the concepts of HTTP.
  2) Knows the types of vulnerabilities seen in web applications.
  3) Knows software security vulnerabilities.
  4) Knows active and passive information gathering methods.
Skills (Described as Cognitive and/or Practical Skills.)
  1) Prevents vulnerabilities in web applications.
Competences (Described as "Ability of the learner to apply knowledge and skills autonomously with responsibility", "Learning to learn", "Communication and social" and "Field specific" competences.)

Weekly Course Schedule

Week Subject
Materials Sharing *
Related Preparation Further Study
1) General HTTP information and history Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
2) HTTP/2 and its differences Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
3) Security-related HTTP headers Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
4) Types of vulnerabilities seen in web applications Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
5) Types of vulnerabilities seen in web applications Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
6) Types of vulnerabilities seen in web applications Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
7) Types of vulnerabilities seen in web applications Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
8) Midterm
9) Web Software Security Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
10) Web Software Security Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
11) Web Application Security Components Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
12) Web Application Security Components Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
13) Web Application Security Components Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
14) Passive Information Gathering Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
15) Active Information Gathering Bünyamin Demir, Yazılım Güvenliği Saldırı ve Savunma, Dikeyeksen, 2020. Reading the related chapter and other resources to be obtained
16) Final Exam
*These fields provide students with course materials for preparation and further study before and after the course is delivered.

Recommended or Required Reading & Other Learning Resources/Tools

Course Notes / Textbooks: Bünyamin Demir, 2020; Yazılım Güvenliği Saldırı ve Savunma, 4th edition, Dikeyeksen
References: Furkan Çontar, 2016; Ağ ve Yazılım Güvenliği, Kodlab
Enes Aslanbakan, 2016; Bilgi Güvenliği ve Uygulamalı Hacking Yöntemleri, Pusula Yayıncılık
Erhan Saygılı, 2018; Web Uygulamalar Güvenliği Ve Hacking Yöntemleri, Dikeyeksen
Mustafa Altınkaynak, 2017; Uygulamalı Siber Güvenlik ve Hacking, Abaküs Kitap
CEH Training Notes

SECTION III: RELATIONSHIP BETWEEN COURSE UNIT AND COURSE LEARNING OUTCOMES (CLOs)

(The matrix below shows how the course learning outcomes (CLOs) relate to the programme learning outcomes (both KPLOs & SPLOs) and, where applicable, the level of their quantitative contribution to them.)

Relationship Between CLOs & PLOs

(KPLOs and SPLOs are the abbreviations for Key & Sub-Programme Learning Outcomes, respectively.)
CLOs/PLOs KPLO 1 KPLO 2 KPLO 3 KPLO 4 KPLO 5
1 2 3 4 5 6 7 1 2 3 1 2 3 4 1 2 3 4 1 2 3 4 5 6 7 8 9
CLO1
CLO2
CLO3
CLO4
CLO5

Level of Contribution of the Course to PLOs

No Effect 1 Lowest 2 Low 3 Average 4 High 5 Highest
           
Programme Learning Outcomes Contribution Level (from 1 to 5)
1) Explains the basic, theoretical and practical information in the field of information security technology. 2
2) Knows and analyzes cyber assets in terms of information security. 1
3) Experiences the cyber security risk management system. 1
4) Applies the theoretical knowledge learned in business life for a semester. 1
5) Acquires the competencies defined as the institutional outcomes of Beykoz University at the basic level, in line with the expectations of the business world and society. 5

SECTION IV: TEACHING-LEARNING & ASSESSMENT-EVALUATION METHODS OF THE COURSE

Teaching & Learning Methods of the Course

(All teaching and learning methods used at the university are managed systematically. Upon proposals from the programme units, they are assessed by the relevant academic boards and, if found appropriate, included in the university list. Programmes then choose the appropriate methods from this list in line with their programme design. Likewise, the methods to be used for the course units can be chosen from those defined for the programme.)
Teaching and Learning Methods defined at the Programme Level
Teaching and Learning Methods Defined for the Course
Lectures
Discussion
Case Study
Problem Solving
Demonstration
Views
Laboratory
Reading
Homework
Project Preparation
Thesis Preparation
Peer Education
Seminar
Technical Visit
Course Conference
Brainstorming
Questions Answers
Individual and Group Work
Role Playing-Animation-Improvisation
Active Participation in Class

Assessment & Evaluation Methods of the Course

(All assessment and evaluation methods used at the university are managed systematically. Upon proposals from the programme units, they are assessed by the relevant academic boards and, if found appropriate, included in the university list. Programmes then choose the appropriate methods from this list in line with their programme design. Likewise, the methods to be used for the course units can be chosen from those defined for the programme.)
Assessment and Evaluation Methods defined at the Programme Level
Assessment and Evaluation Methods defined for the Course
Midterm
Presentation
Final Exam
Quiz
Report Evaluation
Homework Evaluation
Oral Exam
Thesis Defense
Jury Evaluation
Practice Exam
Evaluation of Implementation Training in the Workplace
Active Participation in Class
Participation in Discussions

Relationship Between CLOs & Teaching-Learning, Assessment-Evaluation Methods of the Course

(The matrix below shows the teaching-learning and assessment-evaluation methods designated for the course unit in relation to the course learning outcomes.)
LEARNING & TEACHING METHODS
COURSE LEARNING OUTCOMES
ASSESSMENT & EVALUATION METHODS
CLO1 CLO2 CLO3 CLO4 CLO5
-Lectures -Midterm
-Discussion -Presentation
-Case Study -Final Exam
-Problem Solving -Quiz
-Demonstration -Report Evaluation
-Views -Homework Evaluation
-Laboratory -Oral Exam
-Reading -Thesis Defense
-Homework -Jury Evaluation
-Project Preparation -Practice Exam
-Thesis Preparation -Evaluation of Implementation Training in the Workplace
-Peer Education -Active Participation in Class
-Seminar -Participation in Discussions
-Technical Visit
-Course Conference
-Brainstorming
-Questions Answers
-Individual and Group Work
-Role Playing-Animation-Improvisation
-Active Participation in Class

Contribution of Assessment & Evaluation Activities to Final Grade of the Course

Measurement and Evaluation Methods # of practice per semester Level of Contribution
Quizzes 1 % 10.00
Homework Assignments 1 % 10.00
Midterms 1 % 30.00
Semester Final Exam 1 % 50.00
Total % 100
PERCENTAGE OF SEMESTER WORK % 50
PERCENTAGE OF FINAL WORK % 50
Total % 100

SECTION V: WORKLOAD & ECTS CREDITS ALLOCATED FOR THE COURSE

WORKLOAD OF TEACHING & LEARNING ACTIVITIES
Teaching & Learning Activities # of Activities per semester Duration (hour) Total Workload
Course 14 2 28
Laboratory 14 1 14
Application 0 0 0
Special Course Internship (Work Placement) 0 0 0
Field Work 0 0 0
Study Hours Out of Class 0 0 0
Presentations / Seminar 0 0 0
Project 0 0 0
Homework Assignments 1 5 5
Total Workload of Teaching & Learning Activities - - 47
WORKLOAD OF ASSESSMENT & EVALUATION ACTIVITIES
Assessment & Evaluation Activities # of Activities per semester Duration (hour) Total Workload
Quizzes 2 6 12
Midterms 1 8 8
Semester Final Exam 1 10 10
Total Workload of Assessment & Evaluation Activities - - 30
TOTAL WORKLOAD (Teaching & Learning + Assessment & Evaluation Activities) 77
ECTS CREDITS OF THE COURSE (Total Workload/25.5 h) 3