Course - Software Security - IIKG2001
Software Security
About the course
Course content
- Secure software development lifecycle, e.g. DevSecOps
- Low-level and application-related vulnerability analysis, e.g. SQL injection, XSS
- Security requirements and secure design, e.g. abuse cases, DFD, attack trees, privacy design strategies
- Secure coding practices, e.g. input validation, exception handling, session management, race conditions
- Basic security testing, e.g. code review tactics, fuzz testing, static analysis
Learning outcome
Knowledge
- The students have basic knowledge of how software can be created and maintained with security in mind.
- They understand attack patterns and measures to prevent these.
- The students have an overview of existing techniques, classes of tools and the methods used in software development today.
Skills
- Students can apply their knowledge to problem cases in an industrial or research setting, e.g. ISC2 CSSLP certification.
- They are able to identify potential threats and vulnerabilities early in a program's lifecycle and apply measures that prevent or reduce vulnerabilities in software.
General competence
- The students succeed in presenting their analyses and approaches to other developers, superiors and customers.
Learning methods and activities
- Lectures on campus
- Laboratory work
- Compulsory assignments
- Home reading
- Group work (encouraged, not mandatory)
- Sustainability Lab
- Quiz
Coursework requirements: All obligatory exercises must be approved.
Compulsory assignments
- Compulsory assignments
Further on evaluation
The re-sit examination in August concerns only the written exam. It can be changed to an oral exam.
Obligatory assignments must be passed in order to sit the final written exam.
Specific conditions
Admission to a programme of study is required:
Computer Science - Engineering (BIDATA)
Digital Infrastructure and Cyber Security (BDIGSEC)
Programming (BPROG)
Recommended previous knowledge
none
Course materials
Paul, M. (2013). Official (ISC)² Guide to the CSSLP. CRC Press.
Subject areas
- Computer Science
Contact information
Course coordinator
Lecturers
Department with academic responsibility
Department of Information Security and Communication Technology
Examination
Ordinary examination - Autumn 2025
School exam
The specified room can be changed and the final location will be ready no later than 3 days before the exam. You can find your room location on Studentweb.