Course

Information and Software Security (DAT250)

The course provides an introduction to information security and basic knowledge about software security. Software security is about developing software that continues to behave as expected even when it is subjected to attacks in the form of a malicious external act. This means that attributes such as confidentiality and integrity are taken care of, not just availability. The course will present common errors and countermeasures, and describe software activities that contribute to better software security.


This is the course description for the academic year 2025-2026

Facts

Course code

DAT250

Weight (credits)

10

Semester tuition start

Autumn

Language of instruction

English

Number of semesters

1

Exam semester

Autumn

Content

Software security is about developing software that continues to behave as expected even when it is subjected to attacks in the form of malicious external actions. This means that attributes such as confidentiality and integrity are taken care of, not just availability. Topics covered include:

  • Introduction to information security
  • Authentication
  • Access Control
  • GDPR and privacy
  • Typical attacks
  • OWASP top 10
    • Software vulnerability
  • Dependency checking
  • Threat Modeling
    • STRIDE
  • Software Security Activities - BSIMM
  • Privacy by design (built-in privacy)
  • Smooth software security
  • Protection Poker
  • Static analysis for security
  • OWASP Testing Guide
  • Risk-based security testing
  • Penetration Testing
    • Kali Linux
    • Red Team
    • Bug bounties
  • Software cryptography
    • Key Handling
  • Web security

Learning outcome

Knowledge:

  • Knowledge in basic information security concepts
  • Know the most common methods of attacking software
  • Know the most common techniques for threat modeling

Skills:

  • Manage basic access control mechanisms, including role-based access control
  • Use techniques to avoid the most common attacks on software
  • Use static security analysis of software
  • Use basic techniques for security testing of software, including penetration testing

General competence:

  • Be able to develop software that, as far as possible, does not contain security vulnerabilities, by performing certain software development activities.

Required prerequisite knowledge

Introductory course for engineers - Computer science and electrical engineering (ING100)
Basic programming skills are required to solve mandatory exercises.

Recommended prerequisites

Web Programming (DAT310)

Exam

| Form of assessment | Weight | Duration | Marks | Aid |
|---|---|---|---|---|
| Written exam | 1/1 | 4 Hours | Letter grades | None permitted |


Digital exam.

Requirements for taking the exam/assessment

Exercises

There are two mandatory activities with a pass/fail assessment.

Both activities must be passed to gain access to the exam.

Course teacher(s)

Head of Department:

Tom Ryen

Course coordinator:

Martin Gilje Jaatun

Coordinator laboratory exercises:

Ferhat Özgur Catak

Method of work

2 hours lecture per week + 4 hours lecture every other week. 2 hours of lab with teaching assistant every week.

Open for

  • Battery and Energy Engineering - Bachelor in Engineering
  • Civil Engineering - Bachelor in Engineering
  • Computer Science - Bachelor in Engineering
  • Computer Science - Bachelor in Engineering, Part-Time
  • Electrical Engineering, Vocational Path - Bachelor's Degree Programme
  • Electrical Engineering - Bachelor's Degree Programme, part-time
  • Electrical Engineering - Bachelor's Degree Programme
  • Energy and Petroleum Engineering - Bachelor in Engineering
  • Geosciences and Energy Resources - Bachelor in Engineering
  • Environmental Engineering - Bachelor in Engineering
  • Mechanical Engineering - Bachelor in Engineering
  • Medical technology - Bachelor in Engineering
  • Medical Technology - Bachelor in Engineering - part time
  • Admission to Single Courses at the Faculty of Science and Technology
  • Industrial Economics - Master of Science Degree Programme, Five Year
  • Industrial Automation and Signal Processing - Master's Degree Programme - 5 year
  • Exchange programme at Faculty of Science and Technology

Course evaluation

There must be an early dialogue between the course supervisor, the student union representative and the students. The purpose is feedback from the students for changes and adjustments in the course for the current semester. In addition, a digital course evaluation must be carried out at least every three years. Its purpose is to gather the students' experiences with the course.
The course description is retrieved from FS (Felles studentsystem). Version 1