Course content

• Secure software development lifecycle, e.g. DevSecOps
• Low level and application related vulnerability analysis, e.g., SQL injection, XSS
• Security requirement and secure design, e.g., abuse cases, DFD, Attack trees, Privacy design strategies
• Secure coding practices, e.g. input validation, exception handling, session management, race conditions
• Basic Security testing, e.g. code review tactics, fuzzy testing, static analysis

Learning outcome

Knowledge

• The students have basic knowledge on how software can be created and maintained with security in mind.
• They understand attack patterns and measure to prevent these.
• The students have an overview of existing techniques, classes of tools and the methods used in software development today.

Skills

• Students can apply their knowledge to problem cases in an industrial or research setting, e.g. ISC2 CSSLP certification.
• They are able to identify potential threats and vulnerabilities early in a program's lifecycle and apply measures that prevent or reduce vulnerabilities in software.

General competence

• The students succeed in presenting their analyses and approaches to other developers, superiors and customers.

Learning methods and activities

• Lectures on campus
• Laboratory work
• Compulsory assignments
• Home reading
• Group work (encouraged, not mandatory)
• Sustainability Lab
• Quiz

Coursework requirements: All obligatory exercises must be approved.

Compulsory assignments

• Compulsory assignments

Specific conditions

Recommended previous knowledge

none

Course materials

Paul, M. (2013). Official (ISC) 2 Guide to the CSSLP. CRC Press.