IMT3501 - Software Security

About

Examination arrangement

Examination arrangement: Written examination
Grade: Letters

Evaluation form Weighting Duration Examination aids Grade deviation
Written examination 100/100 3 hours

Course content

Software Assurance

Secure Software Development Lifecycle

Coding Practices and Rules

Source Code Analysis

Security Testing

Attack Patterns

Learning outcome

Knowledge

The students have basic knowledge on how software can be created and maintained with security in mind, i.e. deviation from expected functionality owing to interaction with an adversary. 

They understand attack patterns, e.g. buffer overflows,
format string
 problems, command injection,
and cross-site scripting.
 

The students have an overview of existing techniques, classes of tools and the methods used in software development today.

Skills

Students can apply their knowledge to problem cases in an industrial or research setting. 

They are able to identify potential threats and vulnerabilities early in a program's lifecycle and apply measures that prevent or reduce vulnerabilities in software.

General competence

The students succeed in presenting their analyses and approaches to other developers, superiors and customers.

Learning methods and activities

Forelesninger|Lab.øvelser|Obligatoriske oppgaver

Obligatoriske arbeidskrav:

At least 6 (six) obligatory exercise sheets must be handed in.

Compulsory assignments

  • Approved exercises

Further on evaluation

Utfyllende om kontinuasjon:

Re-sit examination in August.

Specific conditions

Exam registration requires that class registration is approved in the same semester. Compulsory activities from previous semester may be approved by the department.

Admission to a programme of study is required:
Information Security (BIS)
Network and System Administration (BDR)

Course materials



Dowd, M., McDonald, J., and Schuh, J. (2006). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. ISBN 0-321-44442-6. Library 005.8 Dow

Additional resources:

Hoglund, G. and McGraw, G. (2004). Exploiting Software: How to Break Code. ISBN 0-201-78695-8. Library 005.8 Hog

McGraw, G. (2006). Software Security: Building Security in. ISBN 0-321-35670-5. Library 005.8 McG

Timetable

Detailed timetable

Examination

Examination arrangement: Written examination

Term Statuskode Evaluation form Weighting Examination aids Date Time Room *
Autumn ORD Written examination 100/100 2016-12-14 09:00 A254, 2.etg. A-bygg , A154, 1.etg. A-bygg
Summer KONT Written examination 100/100 2017-08-11 09:00 A153, 1.etg. A-bygg
  • * The location (room) for a written examination is published 3 days before examination date.
If more than one room is listed, you will find your room at Studentweb.