IIKG2001

Software Security

Assessments and mandatory activities may be changed until September 20th.

Credits 7.5
Level Third-year courses, level III
Course start Spring 2027
Duration 1 semester
Language of instruction English
Location Gjøvik
Examination arrangement School exam

About

About the course

Course content

  • Software vulnerabilities, taxonomies, CWE, OWASP Top 10
  • Web application vulnerabilities
  • Offensive security, CAPEC, attack vectors
  • Secure/defensive programming, threat analysis, banned functions
  • Access control implementation, Windows security
  • Certification of products
  • Source code analysis, supply chain, dependencies, code inspection, data flow analysis, patterns, tools, automation
  • Security testing, absence/presence of vulnerabilities, structured testing, abuse cases, penetration testing, fuzzing
  • Secure software development life cycle, principles, practices, activities, integration, software delivery and integrity
  • Software maintenance, greenfield/brownfield, third-party dependencies, risk analysis, patching

Learning outcome

Knowledge

  • The students have basic knowledge of how software can be created and maintained with security in mind.
  • They understand attack patterns and measures to prevent these.
  • The students have an overview of existing techniques, classes of tools and the methods used in software development today.

Skills

  • Students can apply their knowledge to problem cases in an industrial or research setting.
  • They are able to identify potential threats and vulnerabilities early in a program's lifecycle and apply measures that prevent or reduce vulnerabilities in software.

General competence

  • The students succeed in presenting their analyses and approaches to other developers, superiors and customers.
  • Through the practical application of attack methods and the analysis of their consequences, students develop an awareness of the responsible use and design of information technology.

Learning methods and activities

  • Lectures partly on campus and partly digitally streamed
  • Laboratory work
  • Compulsory assignments
  • Home reading
  • Group work (encouraged, not mandatory)
  • Sustainability Lab

Coursework requirements: All obligatory exercises must be approved.

Compulsory assignments

  • Compulsory assignments

Further on evaluation

The re-sit examination in August concerns only the written exam. It can be changed to an oral exam.

Obligatory assignments must be passed in order to sit the final written exam.

Specific conditions

Course materials

Stallings/Brown (2018). Computer Security: Principles and Practice. Global Edition. Pearson.

McGraw (2006). Software Security: Building Security In. O'Reilly.

Subject areas

  • Computer Science

Contact information

Course coordinator

Department with academic responsibility

Department of Information Security and Communication Technology

Examination

Examination arrangement: School exam
Grade: Letter grades

Ordinary examination - Spring 2027

School exam
Weighting 100/100
Examination aids Code E
Duration 2 hours
Exam system Inspera Assessment
Place and room Not specified yet.

Re-sit examination - Summer 2027

School exam
Weighting 100/100
Examination aids Code E
Duration 2 hours
Exam system Inspera Assessment
Place and room Not specified yet.