IMT3501 - Software Security


This course is no longer taught and is only available for examination. For a complete course description, see previous academic years.

Examination arrangement

Examination arrangement: Aggregate score
Grade: Letters

Evaluation Weighting Duration Grade deviation Examination aids
School exam 40/100 3 hours E
Portfolio 60/100

Course content

- Secure software development lifecycle - Low level and application related vulnerability analysis - Security requirement and secure design - Secure coding practices and software inspection - Security testing

Learning outcome

Knowledge -The students have basic knowledge on how software can be created and maintained with security in mind, i.e. deviation from expected functionality owing to interaction with an adversary.  -They understand attack patterns, e.g. buffer overflows, format string  problems, command injection and cross-site scripting. -The students have an overview of existing techniques, classes of tools and the methods used in software development today. Skills -Students can apply their knowledge to problem cases in an industrial or research setting.  -They are able to identify potential threats and vulnerabilities early in a program's lifecycle and apply measures that prevent or reduce vulnerabilities in software. General competence -The students succeed in presenting their analyses and approaches to other developers, superiors and customers.

Learning methods and activities

-Lectures -Laboratory exercises -Compulsory assignments -Home reading -Group work (encouraged, not mandatory) -Quiz

Coursework requirements: All obligatory exercises must be approved.

Compulsory assignments

  • Excersises

Further on evaluation

Re-sit examination in August concerns only the written exam.

A final written exam will count 40% of the mark.

A portfolio of smaller marked tasks will count 60% of the final mark. The precise tasks are defined during the course. These will be related to the lab work.

Obligatory assignments have to be passed, to allow sitting in the final written exam.

Specific conditions

Compulsory activities from previous semester may be approved by the department.

Admission to a programme of study is required:
Computer Science (BIDATA)
IT Operations and Information Security (BITSEC)
Information Security (BIS)
Network and System Administration (BDR)
Programming (BPROG)

Course materials

Paul, M. (2013). Official (ISC) 2 Guide to the CSSLP. CRC Press.

More on the course



Version: 1
Credits:  10.0 SP
Study level: Third-year courses, level III


Language of instruction: English

Location: Gjøvik

Subject area(s)
  • Computer Science
Contact information
Course coordinator:

Department with academic responsibility
Department of Information Security and Communication Technology


Examination arrangement: Aggregate score

Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
Autumn ORD School exam 40/100 E 2021-12-09 09:00 INSPERA
Room Building Number of candidates
A-atriet-2/3 (A-160) Ametyst 2
Autumn ORD Portfolio 60/100 INSPERA
Room Building Number of candidates
  • * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.

For more information regarding registration for examination and examination procedures, see "Innsida - Exams"

More on examinations at NTNU