Secure Software Engineering

7M06106 «Secure Software Engineering»

The educational program regulates the objectives, results, content, conditions and technologies for the implementation of the educational process, assessment of the quality of graduates training in this area of
training and includes materials that ensure the quality of training of students and implementation of appropriate educational technology. The feature of EP is the possession of the necessary knowledge to successfully perform professional activities in the field of cybersecurity, including areas such as information protection, risk management, incident management, threat analysis, implementation and maintenance of security systems, as well as ethical and legal aspects.

Objective of Educational Program

Preparation of competitive masters with applied knowledge and skills to find vulnerabilities in software code at all stages of its development.

List of a specialist’s positions

Сareer opportunities

Secure Software Developer;
Architect-Software Developer;
Software Engineer.

7M061 – Information and communication technologies

Group of educational programs

Master of Technical Sciences in «7M06106 Secure Software Engineering»

Awarded degree

2 years

Duration of study

Learning outcomes

Apply methodological and methodical knowledge in conducting scientific research, pedagogical and educational work.
Manage a team in the process of developing a software system.
Apply standards, methods, technologies, tools and technical means for the design, maintenance and development of software systems.
Develop the architecture of the software system, ensure the security and reliability of the system.
Develop and design complex software systems.
Speak a foreign language at a professional level that allows conducting scientific research and teaching special disciplines in universities.
Formulate and solve problems arising in the course of research activities that require in-depth professional knowledge
Choose the necessary approaches and research methods, modify existing ones and develop new ones based on the objectives of a particular study.
Apply psychological methods and means of improving the effectiveness and quality of training in the learning process.
Apply effective methods for data security verification, vulnerability detection and remediation, development and implementation of security measures.

Documents

Educational program documents

«Astana IT University»

Academic disciplines

Foreign language (professional)

The aim of the course is to develop professional competences of specialists; to form professionally oriented communicative competence of master’s students, which allows them to integrate into international professional environment and use professional English as a means of intercultural and professional communication.

History and Philosophy of Science

The content of the course is aimed at obtaining knowledge about the properties of science as a type of cognition and a socio-cultural phenomenon in its historical development by a master student; formation of system ideas about the general laws of scientific knowledge in its historical development and changing socio-cultural context.

Higher Education Pedagogy

The content of the course is aimed at acquiring knowledge about the foundations of pedagogical theory and pedagogical skills, the management of the educational process for teaching in higher education, the formation of an understanding of the main categories of pedagogy, the place, role and significance of higher education pedagogy, understanding the basic principles of modern pedagogy and methodological approaches to solving pedagogical problems of higher education.

Psychology of Management

The content of the course is aimed at the formation of systemic ideas about the psychological laws of management, the specifics of using social and psychological knowledge and mastering the skills of analyzing the social and psychological principles that underlie effective management.

Teaching Practicum (Internship)

Teaching practice is a kind of practical activities of graduate students, including teaching, organization of educational activity of students, scientific and methodical work on the subject, obtaining skills in teacher’s work.

Advanced Management Information Systems

This course introduces master’s students to the strategic and operational uses of information systems. The use of information systems is examined for achieving and maintaining competitive advantage, as well as managerial issues concerning the development, implementation, and management of enterprise information systems. Case studies address the impact of information systems on the organization, the challenges involved in managing technological change in organizations, and the impact of emerging technologies. Graduate students will develop a socio-technical perspective on the use of information systems to solve real-world problems.

IT Audit and Control

This course aims to ensure the security and compliance of information systems. This course teaches methods for auditing information security processes, evaluating the effectiveness of security measures, checking compliance, and providing recommendations for improving security.

Secure Software Architecture and Design

The course is aimed at studying the principles and methods of designing secure software. The purpose of the course is to ensure the security of information systems through the development of secure architectures and effective risk management in cyberspace. The discipline examines the methods of designing and developing secure software. Includes vulnerability identification and remediation, coding standards, and security testing.

Advanced Database Management Systems

This course provides a comprehensive exploration of the principles, practices, design, and development of database management systems, with a particular focus on relational database systems. Key topics include physical and logical database design, the process of relational database design using normalization, and semantic data modeling. Students will delve into ER diagrams, methods of physical data organization, and client-server data organization. The course also covers essential aspects of database security and server data management systems, as well as business analytics and data warehousing. Emphasizing practical skills, the course expects graduate students to engage with database applications, where they will practice designing and implementing databases through various assignments. Additionally, students will be required to complete a project that encompasses the modeling, development, implementation, and maintenance of databases.

Advanced Binary Analysis Techniques

This course teaches methods for analyzing malicious software. It includes detecting malicious code, examining its structure, and understanding its operational principles. Binary code analysis involves examining software or operating systems without access to their source code. This situation often arises when analyzing malware, compiled software, or proprietary operating systems like Windows or iOS, where the source code is intentionally withheld by developers or vendors. The field encompasses a diverse array of goals, techniques, and methodologies, including sophisticated anti-dynamic measures to thwart dynamic analysis. Explore possibilities of certain custom packers that can detect and circumvent dynamic analysis by tracking system activities.

Advanced Software Quality Assurance

The course covers methods and strategies for ensuring high-quality software. It includes the development and implementation of advanced testing methods, quality analysis, and compliance with standards, analysis of safety requirements, testing, and compliance with quality standards. The course content includes the study of advanced software testing methods, code quality analysis, methods for ensuring security and compatibility of software products with international standards.

Advanced Computer Networking

This course provides an in-depth study of the fundamental concepts and principles in communications and computer networking. The course examines the technical, design, and management issues related to enterprise computer networking. Students will have deep knowledge and understanding of networking concepts, protocols design, and popular network technologies. Topics covered include network design and architectures, telecommunications and networking standards, approaches to scaling services, virtualization, redundancy, network security and management, data center design, hosting and cloud services, and emerging technologies and trends. The course also covers server architectures, cluster computing, grid computing, storage area networks and network attached storage, and data center design and implementation.

Research Practice

Software Resilience and Risk Assessment

The purpose of the course is to teach students how to ensure the stability of software systems and assess potential risks in the process of their development and operation. The course content includes the study of the principles of risk analysis and management in software engineering, methods for ensuring the security and stability of software, as well as practical aspects of risk analysis and assessment in the context of various types of software systems. This discipline combines methods of safe development and risk management to improve the stability and reliability of software systems.

Blockchain platforms development

The purpose of the course is to learn the basics of developing and implementing blockchain technologies to create distributed applications and platforms. The course content includes the study of the principles of blockchain, the development of smart contracts, the architecture of distributed applications on the blockchain, data security and confidentiality, as well as the use of blockchain technologies in various fields such as finance, logistics and government services. Undergraduates study the basic concepts of blockchain, smart contracts, cryptographic methods and consensus algorithms.

AI-assisted Soft Development

This course is designed to introduce master’s students leverage Artificial Intelligence (AI) technology during the coding phases of the software. There are different scenarios of bundling AI capabilities into the application you’re building, and implementing AI to assist in coding and building it. Course will cover different algorithms of Machine Learning and Deep Learning and practical implementation in secure software engineering.

Advanced Computer Networks Security

This course is intended for undergraduates who are interested in modern aspects of computer network security. Within the framework of this course, undergraduates study a wide range of technologies and techniques necessary for effective resistance to various threats to information security. Deep understanding of modern encryption techniques such as AES, RSA and elliptic curve cryptography to ensure data confidentiality and integrity. The study of advanced systems capable of monitoring network traffic and automatically responding to potential threats. Using next-generation firewalls (NGFW), including application-level inspection and filtering, to protect network resources. Segmentation principles, the use of VLANs and DMZ zones to isolate and protect critical infrastructure components. Implementation and use of secure data transfer protocols such as TLS and SSH to ensure the protection and confidentiality of information. Policies and technologies that regulate network access based on user identification, device status, and other parameters.

Systems Analysis and Design

This course provides a methodical approach to implementing computer systems including systems planning, design, testing, implementation and software maintenance. Emphasis is on the strategies and techniques of systems analysis and design for producing logical methodologies for dealing with complexity in the development and implementation of information systems. The course approaches the secure development of information systems (IS) from a problem-solving perspective.

Teaching methods and strategies

Within the discipline, undergraduates are offered a variety of strategies and tools to create an interactive and stimulating learning environment. During the course, undergraduates study various active methods, such as group projects, role-playing games, feedback and discussions, the use of technologies and tools for interactive learning and ways to adapt them to the specifics of IT disciplines and integrate practical tasks and projects into the learning process.

Research work of a master's student, including an internship and the completion of a master's thesis

Research work of a master’s student, including an internship and the completion of a master’s thesis.