Course content

The course will go through all the phases in the secure software development lifecycle (requirements, design, implementation and testing) focusing on how to incorporate security in each phase and what techniques to use. The main focus is on web-based applications.

Learning outcome

The course focuses on software security and how to develop more secure software systems.

Learning methods and activities

Lectures, exercise lectures and mandatory exercises. The portfolio includes a final written exam (70%) and exercises (30%). The results for the parts are given in %-scores, while the entire portfolio is assigned a letter grade. The text for the written final exam will be in English. The candidates may choose to write their answers in either English or Norwegian.
If there is a re-sit examination, the examination form may change from written to oral.
The exercises are obligatory. To pass the class, the students have to pass both the exercises and the final exam.

Compulsory assignments

• Exercises

Recommended previous knowledge

Knowledge about information security (equal to the topic TTM4135 Information Security) is an advantage but not required.

Required previous knowledge

The students should be familiar with software development, programming language concepts and software engineering (e.g. through TDT4100 Object-Oriented Programming, TDT4140 Software Engineering and TDT4165 Programming Languages or similar). For the exercises we will use the Java and/or PHP as programming language.

Course materials

To be announced at the beginning of the semester.