IMT3501 - Software Security

About

Examination arrangement

Examination arrangement: Written examination
Grade: Letters

Evaluation: Written exam; Weighting: 100/100; Duration: 3 hours

Course content

Software Assurance

Secure Software Development Lifecycle

Coding Practices and Rules

Source Code Analysis

Security Testing

Attack Patterns

Learning outcome

Knowledge

The students have basic knowledge of how software can be created and maintained with security in mind, i.e. with regard to deviation from expected functionality owing to interaction with an adversary.

They understand attack patterns, e.g. buffer overflows, format string problems, command injection, and cross-site scripting.
 

The students have an overview of existing techniques, classes of tools and the methods used in software development today.

Skills

Students can apply their knowledge to problem cases in an industrial or research setting. 

They are able to identify potential threats and vulnerabilities early in a program's lifecycle and apply measures that prevent or reduce vulnerabilities in software.

General competence

The students succeed in presenting their analyses and approaches to other developers, superiors and customers.

Learning methods and activities

Lectures | Lab exercises | Compulsory assignments

Compulsory work requirements:

At least 6 (six) obligatory exercise sheets must be handed in.

Compulsory assignments

  • Approved exercises

Further on evaluation

Further on re-sit examination:

Re-sit examination in August.

Specific conditions

Admission to a programme of study is required:
Drift av nettverk og datasystemer (BDR)
Informasjonssikkerhet (BIS)

Course materials



Dowd, M., McDonald, J., and Schuh, J. (2006). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. ISBN 0-321-44442-6. Library 005.8 Dow

Additional resources:

Hoglund, G. and McGraw, G. (2004). Exploiting Software: How to Break Code. ISBN 0-201-78695-8. Library 005.8 Hog

McGraw, G. (2006). Software Security: Building Security in. ISBN 0-321-35670-5. Library 005.8 McG

Facts

Version: 1
Credits:  10.0 SP
Study level: Third-year courses, level III

Coursework

Term no.: 1
Teaching semester:  AUTUMN 2016


Contact information
Course coordinator:
  • Basel Katt

Department with academic responsibility
Department of Information Security and Communication Technology

Examination

Term: Autumn; Status code: ORD; Evaluation: Written exam; Weighting: 100/100; Date: 2016-12-14; Time: 09:00; Room: *
Term: Summer; Status code: KONT; Evaluation: Written exam; Weighting: 100/100; Date: 2017-08-11; Time: 09:00; Room: *
  • * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.

For more information regarding registration for examination and examination procedures, see "Innsida - Exams"
