
Graduate Certificate in Software Security
Fall 2023 Application Portal Information
We are extending our admission deadline to provide further access and support to our applicants. The Fall 2023 deadline will now be July 3rd, 2023, 11:59 MST for Canadian/Permanent Residents.
The application portal is now closed for international applications.
Information Session
Please stay tuned for our next information session - details about the session will be posted here.
Enhance your career with a 4-course Graduate Certificate
Cybersecurity threats are a critical issue facing our digital infrastructure. The Graduate Certificate in Software Security introduces you to the tools, techniques, and mindsets necessary to succeed in the increasingly important field of software security.
Designed for innovative professionals – like you – who are looking to specialize or bolster their careers, the curriculum incorporates theory, information security management skills, best practices, and practical experiences.
With the Certificate in Software Security, you gain the necessary knowledge base and useful skills to develop secure products like apps for mobile phones or Internet-of-Things (IoT) devices. You will learn best practices for developing secure products, and how to defend these products against known and future threats as they are deployed.
Learn the principles of applications security, how to develop secure products, and gain practical experience developing a secure software system or product while applying threat modelling, security design, and security assessment skills.
Why get a Certificate in Software Security?
The Graduate Certificate in Software Security is designed to provide specific, relevant training in ensuring the security of software systems, applications, mobile devices, and smart devices that are part of the Internet of Things (IoT). This program is for professionals looking to upgrade their skills, or recent graduates of an undergraduate program in computer science or a related field who want additional training to progress in their careers.
By the end of the program, you will:
- Gain foundational knowledge in the principles of secure systems: systems security and software applications security.
- Develop a secure software system or product that will be connected to the internet: anticipate potential threats and design options to secure a product.
- Apply existing tools and practices in the software development process to enhance the security of your software.
- Apply threat modelling, security design, and security assessment skills in the process of developing an innovative product such as a mobile application or other smart device.
- Recognize the limitations of technical security measures, and strategize and evaluate ways to address gaps, including non-technical solutions such as deployment of policies and programs.
- Communicate system design and security assessment results to a technical audience who may not be security experts.
- Decide on courses of action based on relevant legal and ethical considerations.
Certificate Courses
Students enrolled in the Software Security Certificate complete all required courses (ISEC 605, 623 and 625) and one of the 4 optional courses (ISEC 641, 643, 645 or 651, depending on their preference), for a total of 4 courses or 12 credits.
Operating systems security. Software vulnerabilities and their exploits. Malware. Computer system virtualization. Application-level security. Access control models. Identity and access management.
Practices and tools for preventing vulnerabilities in the software development life cycle, including threat modelling, secure coding idioms and secure design patterns, static analyzers for detecting vulnerabilities, fuzzing and other quality assurance practices.
Security architecture of common smartphone platforms and Internet-of-Things environments. Selected topics on threat modelling, penetration testing, and security-aware design for smartphones, home automation, wearables, vehicles and industrial control systems.
Information security strategy and its alignment with business goals. Business cases for information security investment. Legal and regulatory requirements. Roles and responsibilities in information security management. Security risk assessment and management.
Development of security policies. Policy compliance and enforcement. Policy considerations for social engineering and insider attacks. Information security standards. Security awareness and training programs. Privacy policies and compliance. Privacy Impact Assessment.
Design and implementation of process for identifying, analyzing and responding to information security incidents. Computer forensics. Organization and management of the incident response and forensics team. Tools and best practices.
Advanced topics in information security and privacy