Software Applications: Security Lifecycle Threats

Harvard Extension School

CSCI E-149A

Section 1

CRN 16691

This course focuses on designing, building, and sustaining secure applications across their full life cycle. Students take a fictional product from ideation through design, development, testing, deployment, and eventual end-of-life, learning how to embed security decisions into each phase rather than treating security as a final checkpoint.

The course emphasizes how application security is shaped by real-world constraints, including development velocity, third-party dependencies, evolving threats, and operational realities. Students learn how to decide what actually matters to test, how to build and maintain secure development environments, and how to reason about the security impact of open-source and third-party components. Particular attention is given to phases where security is often neglected—early design, dependency management, and long-term maintenance.

Students also explore how applications must adapt to change over time. Topics include maintaining security posture as products age, responding to newly discovered vulnerabilities, and preparing applications for emerging technologies, regulations, and industry shifts. The course examines how secure development practices extend to legacy and hybrid applications, including systems already in production, critical infrastructure, and industrial environments.

Learning is grounded in applied work and discussion. Students analyze real-world incidents drawn from recent cybersecurity events and apply secure development frameworks, threat modeling techniques, and risk management concepts to their own projects. Throughout the course, students practice making and justifying security trade-offs as they evolve their application across its life cycle—recognizing that security is not a one-time achievement, but an ongoing design and operational challenge.

Instructor Info

Heather Hinton, PhD

Chief Information Security Officer in Residence, Professional Association of CISOs


Meeting Info

M 5:30pm - 7:30pm (8/31 - 12/19)

Participation Option: Online Asynchronous or Online Synchronous

In online asynchronous courses, you are not required to attend class at a particular time. Instead you can complete the course work on your own schedule each week.

Deadlines

Last day to register:

Prerequisites

Familiarity or experience with security software development principles. A basic understanding of security threats, tools, and landscape.

Notes

This course meets via web conference. Students may attend at the scheduled meeting time or watch recorded sessions asynchronously. Recorded sessions are typically available within a few hours of the end of class and no later than the following business day. See minimum technology requirements.

All Sections of this Course

CRN | Section # | Participation Option(s) | Instructor | Section Status | Meets | Term Dates
16691 | 1 | Online Asynchronous, Online Synchronous | Heather Hinton | Open | M 5:30pm - 7:30pm | Aug 31 to Dec 19