IMT6007 - COINS IT Security Exercise


Examination arrangement

Examination arrangement: Portfolio assessment
Grade: Passed / Not Passed

Evaluation Weighting Duration Grade deviation Examination aids
Portfolio assessment 100/100 ALLE

Course content

-Vulnerabilities in software

-Methods of manual and automated software inspection

-Participation in an IT security exercise

-Hosting a public IT security exercise

-Secure software development

-Validation of training approaches; motivation, relevance and impact

Learning outcome

After having completed the course, students are expected to have mastered the following learning outcomes:

Knowledge -State of the art in discovery and exploitation of IT system vulnerabilities -Capability and limits of validation of training methods

Skills -Source code inspection under time pressure -Ability to find and exploit vulnerabilities in software and systems -Development of novel attack methods and tools Assessment, selection and application of automated vulnerability discovery and removal approaches -Ability to determine limits, assess relevance and impact of group security exercises for the improvement of secure software development General competence -Ability to collaborate and communicate in a team of skilled researchers with diverse backgrounds

Learning methods and activities

-Active participation in an IT security exercise, producing write-ups for found and exploited vulnerabilities.

-Individual reflection about relevance of vulnerabilities with respect to actual occurrence in the field, presence in exercises, focus in teaching material.

-Development of teaching material to improve software development training.

Compulsory requirements: -Two obligatory exercises must be passed. An obligatory exercise will usually consist of a write-up that is not included in the portfolio.

Compulsory assignments

  • Coursework Requirements

Further on evaluation

Re-sit / Utfyllende om kontinuasjon: Whole course must be re-taken.

Forms of assessment / Vurderingsformer: Portfolio assessment - students select for inclusion in their portfolio: an assessment categorizing challenges in a CTF competition according to vulnerability taxonomies and relating challenges to security vulnerabilities in the field AND ONE of the following two options: a write-up for one of the solved challenges in a CTF competition AND a documentation of training material/processes/tools to improve the learning experience of software architects and developers AND a (short) survey of approaches to validate training approaches in applied IT security a documentation on a hosted CTF competition by the students AND a reflection report on how that competition could improve developer training and how its impact on learning has been (or should be) validated

Specific conditions

Compulsory activities from previous semester may be approved by the department.

Admission to a programme of study is required:
Computer Science (PHD-CS)
Information Security (PHD-IS)
Information Security and Communication Technology (PHISCT)

Course materials

Scientific articles and hand-outs provided by lecturers.

More on the course



Version: 1
Credits:  5.0 SP
Study level: Doctoral degree level


Term no.: 1
Teaching semester:  AUTUMN 2021

Language of instruction: English

Location: Gjøvik

Subject area(s)
  • Informatics
Contact information
Course coordinator:

Department with academic responsibility
Department of Information Security and Communication Technology


Examination arrangement: Portfolio assessment

Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
Spring ORD Portfolio assessment 100/100 ALLE
Room Building Number of candidates
  • * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.

For more information regarding registration for examination and examination procedures, see "Innsida - Exams"

More on examinations at NTNU