course-details-portlet

IIKG2001

Software Security

Credits 7.5
Level Third-year courses, level III
Course start Autumn 2025
Duration 1 semester
Language of instruction English
Location Gjøvik
Examination arrangement School exam

About

About the course

Course content

  • Secure software development lifecycle, e.g. DevSecOps
  • Low level and application related vulnerability analysis, e.g., SQL injection, XSS
  • Security requirement and secure design, e.g., abuse cases, DFD, Attack trees, Privacy design strategies
  • Secure coding practices, e.g. input validation, exception handling, session management, race conditions
  • Basic Security testing, e.g. code review tactics, fuzzy testing, static analysis

Learning outcome

Knowledge

  • The students have basic knowledge on how software can be created and maintained with security in mind.
  • They understand attack patterns and measure to prevent these.
  • The students have an overview of existing techniques, classes of tools and the methods used in software development today.

Skills

  • Students can apply their knowledge to problem cases in an industrial or research setting, e.g. ISC2 CSSLP certification.
  • They are able to identify potential threats and vulnerabilities early in a program's lifecycle and apply measures that prevent or reduce vulnerabilities in software.

General competence

  • The students succeed in presenting their analyses and approaches to other developers, superiors and customers.

Learning methods and activities

  • Lectures on campus
  • Laboratory work
  • Compulsory assignments
  • Home reading
  • Group work (encouraged, not mandatory)
  • Sustainability Lab
  • Quiz

Coursework requirements: All obligatory exercises must be approved.

Compulsory assignments

  • Compulsory assignments

Further on evaluation

Re-sit examination in August concerns only the written exam. Can be changed to oral exam.

Obligatory assignments have to be passed, to allow sitting in the final written exam.

Course materials

Paul, M. (2013). Official (ISC) 2 Guide to the CSSLP. CRC Press.

Subject areas

  • Computer Science

Contact information

Course coordinator

Lecturers

Department with academic responsibility

Department of Information Security and Communication Technology

Examination

Examination

Examination arrangement: School exam
Grade: Letter grades

Ordinary examination - Autumn 2025

School exam
Weighting 100/100 Examination aids Code E Date 2025-12-12 Time 09:00 Duration 2 hours Exam system Inspera Assessment
Place and room for school exam

The specified room can be changed and the final location will be ready no later than 3 days before the exam. You can find your room location on Studentweb.

Mustad, Inngang A
Room M433-Eksamensrom 4.etg
64 candidates
Smaragd
Room S410
32 candidates
Room S415
9 candidates
Room S411
8 candidates

Re-sit examination - Summer 2026

School exam
Weighting 100/100 Examination aids Code E Duration 2 hours Exam system Inspera Assessment Place and room Not specified yet.