Course

Information and Software Security (DAT250)

The course will provide an introduction to information security and basic knowledge about software security. Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of a malicious external act. This means that attributes such as confidentiality and integrity are taken care of, not just availability. The course will present common errors and countermeasures, and describe software activities that contribute to better software security.


Dette er emnebeskrivelsen for studieåret 2019-2020. Merk at det kan komme endringer.

See course description and exam/assesment information for this semester (2024-2025)

Semesters

Fakta

Emnekode

DAT250

Vekting (stp)

10

Semester undervisningsstart

Autumn

Undervisningsspråk

English

Antall semestre

1

Vurderingssemester

Autumn

Timeplan

Vis timeplan

Content

Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of malicious external actions. This means that attributes such as confidentiality and integrity are taken care of, not just availability. Topics covered include:

  • Introduction to information security
  • Authentication
  • Access Control
    • RBAC
  • GDPR and privacy
  • Typical attacks
  • OWASP top 10
    • Software vulnerability
  • SEI Secure coding standard
  • Dependency checking
  • Threat Modeling
    • STRIDE
    • EoP
  • Software Security Activities - BSIMM
  • Privacy by design (built-in privacy)
  • Smooth software security
  • Protection Poker
  • Static analysis for safety
  • OWASP Testing Guide
  • Risk-based safety testing
  • Penetration Testing
    • Kali Linux
    • Red Team
    • Bug bounties
    • Penetration Testing Standard
  • Software cryptography
    • Key Handling
  • Web security

Learning outcome

Knowledge:

  • Knowledge in basic information security concepts
  • Know the most common methods of attacking software
  • Know the most common techniques for threat modeling

Skills:

  • Manage basic access control mechanisms, including role-based access control
  • Use techniques to avoid the most common attacks on software
  • Use static security analysis of software
  • Use basic techniques for security testing of software, including penetration testing

General competence:

  • Be able to develop software that, as far as possible, does not contain security vulnerabilities, by performing certain software development activities.

Forkunnskapskrav

Introductory course for engineers - Computer science and electrical engineering (ING100)
Basic programming skills are required to solve mandatory exercises.

Anbefalte forkunnskaper

Introduction to Programming (DAT110)

Exam

Form of assessment Weight Duration Marks Aid Exam system Withdrawal deadline Exam date
Assignments 4/10 Letter grades
Written exam 6/10 4 Hours Letter grades None permitted Inspera assessment 11.11.2019 25.11.2019


Fagperson(er)

Head of Department:

Tom Ryen

Course coordinator:

Martin Gilje Jaatun

Coordinator laboratory exercises:

Ferhat Özgur Catak

Method of work

2 hours lecture per week + 4 hours lecture every other week. 2 hours of lab with teaching assistant every week.

Åpent for

Battery and Energy Engineering - Bachelor in Engineering Civil Engineering - Bachelor in Engineering Computer Science - Bachelor in Engineering Computer Science - Bachelor in Engineering, Part-Time Electrical Engineering, Vocational Path - Bachelor's Degree Programme Electrical Engineering - Bachelor's Degree Programme, part-time Electrical Engineering - Bachelor's Degree Programme Energy and Petroleum Engineering - Bachelor in Engineering Geosciences and Energy Resources - Bachelor in Engineering Environmental Engineering - Bachelor in Engineering Mechanical Engineering - Bachelor in Engineering Medical technology - Bachelor in Engineering Medical Technology - Bachelor in Engineering - part time
Admission to Single Courses at the Faculty of Science and Technology
Industrial Economics - Master of Science Degree Programme, Five Year Industrial Automation and Signal Processing - Master's Degree Programme - 5 year
Exchange programme at Faculty of Science and Technology

Emneevaluering

Form and/or discussion.

Litteratur

  • Gary McGraw: Software Security - Building Security In
    • Paperback: 448 pages
    • Publisher: Addison-Wesley Professional; 1 edition (February 2, 2006)
    • Language: English
    • ISBN-10: 9780321356703
    • ISBN-13: 978-0321356703
  • Gary McGraw, Jacob West, Sammy Migues: Building Security In Maturity Model v9, 2018, http://bsimm.comhttp://bsimm.com
  • Security Engineering: A Guide to Building Dependable Distributed Systems 2nd Edition

by Ross J. Anderson.

Available for free here: https://www.cl.cam.ac.uk/~rja14/book.htmlhttps://www.cl.cam.ac.uk/~rja14/book.html

 

  • OWASP Testing Guide v4.0

Available for free here: https://www.owasp.org/images/1/19/OTGv4.pdfhttps://www.owasp.org/images/1/19/OTGv4.pdf

Kontakt

Head of Department:

Tom Ryen

Course coordinator:

Martin Gilje Jaatun

Coordinator laboratory exercises:

Ferhat Özgur Catak

Tilbys av

Faculty of Science and Technology

Department of Electrical Engineering and Computer Science

The course description is retrieved from FS (Felles studentsystem). Version 1