Course - Software Security - IMT3501
Software Security
About
About the course
Course content
- Secure software development lifecycle
- Low level and application related vulnerability analysis
- Security requirement and secure design
- Secure coding practices and software inspection
- Security testing
Learning outcome
Knowledge
- The students have basic knowledge of how software can be created and maintained with security in mind, i.e. deviation from expected functionality owing to interaction with an adversary.
- They understand attack patterns, e.g. buffer overflows, format string problems, command injection and cross-site scripting.
- The students have an overview of existing techniques, classes of tools and the methods used in software development today.
Skills
- Students can apply their knowledge to problem cases in an industrial or research setting.
- They are able to identify potential threats and vulnerabilities early in a program's lifecycle and apply measures that prevent or reduce vulnerabilities in software.
General competence
- The students succeed in presenting their analyses and approaches to other developers, superiors and customers.
Learning methods and activities
- Lectures
- Laboratory exercises
- Compulsory assignments
Coursework requirements:
All obligatory exercises must be approved.
Compulsory assignments
- Compulsory coursework requirement
Further on evaluation
Re-sit examination in August.
Specific conditions
Admission to a programme of study is required:
IT Operations and Information Security (BITSEC)
Information Security (BIS)
Network and System Administration (BDR)
Recommended previous knowledge
IMT1082
IMT2021
IMT2282
Course materials
Dowd, M., McDonald, J., and Schuh, J. (2006). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. ISBN 0-321-44442-6. Library 005.8 Dow
Chess, B., & West, J. (2007). Secure programming with static analysis. Pearson Education. http://www.amazon.com/Secure-Programming-Static-Analysis-Brian/dp/0321424778
Contact information
Course coordinator
Department with academic responsibility
Department of Information Security and Communication Technology
Examination
Ordinary examination - Autumn 2018
Written exam
The specified room can be changed and the final location will be ready no later than 3 days before the exam. You can find your room location on Studentweb.