Bygger på

• IMT1082 - Objekt-orientert programmering
• IMT2021 - Algoritmiske metoder
• IMT2282 - Operativsystemer

Forventet læringsutbytte

The objective of the proposed course is to give students basic security-related knowledge that all software developers should be aware of, and information about available technology, general classes of tools, and current best practices of software security so that they will be able to

• understand common software security risks, including buffer overflows, format-string problems, command injections, race conditions, and cross-sit scripting
• identify potential threats and vulnerabilities early in the software design cycle and apply appropriate means to avoid security holes in new software.

Emnets temaer

The course is intended for undergraduate students in information security and related fields such as computer science, engineering and media technology. The course addresses the question how to design software with security in mind from the earl beginning of the development process and to integrate testing and risk management throughout the software life cycle.

The course introduces key concepts and best practices to identify and eliminate security vulnerabilities in software. It provides guidelines to build in security. The following topics in secure software design and programming are covered in detail:

• Software Assurance
• Risk Analysis & Management
• Secure Software Development Cycle
• Coding Practices and Rules
• Source Code Analysis
• Security Testing
• Attack Patterns
• Malware

Pedagogiske metoder

Forelesninger
Gruppearbeid
Lab.øvelser
Oppgaveløsning

Vurderingsformer

Oppgaveløsning
Skriftlig eksamen, 3 timer
Vurdering av prosjekt(er)

Vurderingsformer

• Written exam, 3 hours (50%)
• Project evaluation (30%)
• Exercise evaluation (4x5%)

All parts must be passed.

Karakterskala

Bokstavkarakterer, A (best) - F (ikke bestått)

Sensorordning

Evaluation by the lecturer

Gjennomføring av kontinuasjon

Ordinary re-sit examination

Tillatte hjelpemidler (gjelder kun skriftlig eksamen)

None

Obligatoriske arbeidskrav

None

Læremidler

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Mark Dowd, John McDonald, Justin Schuh. Publisher: Addison Wesley Professional. Pub Date: November 20, 2006. Print ISBN-10: 0-321-44442-6. Print ISBN-13: 978-0-321-44442-4. Pages: 1200

Erstatter

IMT3381 Applikasjonssikkerhet