
DAT250_1

Information and software security

This is the study programme for 2019/2020. It is subject to change.


The course will provide an introduction to information security and basic knowledge about software security. Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of a malicious external act. This means that attributes such as confidentiality and integrity are taken care of, not just availability. The course will present common errors and countermeasures, and describe software activities that contribute to better software security.

Learning outcome

Knowledge:
  • Knowledge in basic information security concepts
  • Know the most common methods of attacking software
  • Know the most common techniques for threat modeling

Skills:
  • Manage basic access control mechanisms, including role-based access control
  • Use techniques to avoid the most common attacks on software
  • Use static security analysis of software
  • Use basic techniques for security testing of software, including penetration testing

General competence:
  • Be able to develop software that, as far as possible, does not contain security vulnerabilities, by performing certain software development activities.

Contents

Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of malicious external actions. This means that attributes such as confidentiality and integrity are taken care of, not just availability. Topics covered include:
  • Introduction to information security
  • Authentication
  • Access control (RBAC)
  • GDPR and privacy
  • Typical attacks
  • OWASP Top 10
    • Software vulnerabilities
  • SEI Secure Coding Standard
  • Dependency checking
  • Threat modeling
    • STRIDE
    • EoP
  • Software security activities - BSIMM
  • Privacy by design (built-in privacy)
  • Agile software security
  • Protection Poker
  • Static analysis for security
  • OWASP Testing Guide
  • Risk-based security testing
  • Penetration testing
    • Kali Linux
    • Red Team
    • Bug bounties
    • Penetration Testing Standard
  • Software cryptography
    • Key handling
  • Web security

Required prerequisite knowledge

ING100 Introductory course for engineers - Computer science and electrical engineering
Basic programming skills are required to solve the mandatory exercises.

Recommended previous knowledge

DAT110 Introduction to programming

Exam

Assignments and written exam

              Weight  Duration  Marks  Aid
Assignments   4/10    -         A - F  -
Written exam  6/10    4 hours   A - F  None permitted

Course teacher(s)

Course coordinator: Martin Gilje Jaatun
Course teacher: Martin Gilje Jaatun

Method of work

2 hours of lectures per week + 4 hours of lectures every other week. 2 hours of lab with a teaching assistant every week.

Open to

Computer Science - Bachelor's degree programme in computer science
Admission to Single Courses at the Faculty of Science and Technology

Course assessment

Form and/or discussion.

Literature

  • Gary McGraw: Software Security - Building Security In
    • Paperback: 448 pages
    • Publisher: Addison-Wesley Professional; 1st edition (February 2, 2006)
    • Language: English
    • ISBN-10: 9780321356703
    • ISBN-13: 978-0321356703
  • Gary McGraw, Jacob West, Sammy Migues: Building Security In Maturity Model v9, 2018, http://bsimm.com
  • Ross J. Anderson: Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd edition
    Available for free here: https://www.cl.cam.ac.uk/~rja14/book.html
  • OWASP Testing Guide v4.0
    Available for free here: https://www.owasp.org/images/1/19/OTGv4.pdf

Last updated: 13.11.2019