Software Applications: Security Lifecycle Threats
Harvard Extension School
CSCI E-149A
Section 1
CRN 16691
You have been tasked with the design, development, and deployment of a new application, and there is more involved than just writing some code and testing it. In this course, we take a fictional product through the entire secure development lifecycle, through ideation, design, development, testing, and deployment. We explore how to think about and embed security into each phase, including those phases where security has traditionally been an afterthought. Some of the questions that we address include: How do we make sure that we have included security thinking throughout the entire product lifecycle? How do we know what to test, how, and why—are we actually testing what matters? How do we ensure that we are developing within a secure development environment? What about the impact of all that third-party code, especially open-source software, that we want to use with our application? And what happens when this product is nearing end of life—how do we make sure that we maintain its security posture even if we are no longer actively developing new features? How do you present- and future-proof against emerging technologies, regulations, and industry trends? How do you make sure that you are set up to protect against threats from emerging technologies including machine learning/artificial intelligence (AI) and quantum computing? How do you apply all of this present- and future-proofing to legacy applications, that is, applications that are already built and in use, including hybrid applications, critical infrastructure, and industrial systems? The net is that you can be sure that whatever you do today may well not be enough to protect you tomorrow. Throughout the course we apply these concepts and tradeoffs as students create and take their own software product through its end-to-end lifecycle.
Threats and things to pay attention to include discussions drawn from the news (sadly there are always on-point things in the cybersecurity news that we can use as the basis of discussion), as well as CISA's Zero Trust Maturity Model, Secure by Design requirements, guidelines for secure AI system development, CISA's Known Exploitable Vulnerability (KEV) lists, MITRE's ATT&CK framework, threat modeling techniques, risk management concepts, and whatever is topical at the time in the news.
Registration Closes: August 28, 2025
Credits: 4
Term
Fall Term 2025
Part of Term
Full Term
Format
Flexible Attendance Web Conference
Credit Status
Graduate, Noncredit, Undergraduate
Section Status
Open