On the basis of
- IMT1082 - Objekt-orientert programmering
- IMT1121 - Innføring i informasjonssikkerhet
- IMT2021 - Algoritmiske metoder
- IMT2282 - Operativsystemer
- IMT2431 - Datakommunikasjon og nettverkssikkerhet
Expected learning outcomes
- The students have basic knowledge on how software can be created and maintained with security in mind, i.e. deviation from expected functionality owing to interaction with an adversary.
- They understand attack patterns, e.g. buffer overflows , format string problems, command injection , and cross-site scripting .
- The students have an overview of existing techniques, classes of tools and the methods used in software development today.
- Students can apply their knowledge to problem cases in an industrial or research setting.
- They are able to identify potential threats and vulnerabilities early in a program's lifecycle and apply measures that prevent or reduce vulnerabilities in software.
- The students succeed in presenting their analyses and approaches to other developers, superiors and customers.
- Software Assurance
- Risk Analysis & Management
- Secure Software Development Cycle
- Coding Practices and Rules
- Source Code Analysis
- Security Testing
- Attack Patterns
PBL (Problem Based Learning)
Form(s) of Assessment
Written exam, 3 hours
Alphabetical Scale, A(best) – F (fail)
Evaluated by internal examiner, external examiner is used periodically (every four years, next time in 2013/2014)
Ordinary re-sit examination
All self-produced hand-written paper-based support is allowed up to 2 pages A4. Support documents have to be turned in with the written examination and will not be returned to the student.
At least 5 (five) obligatory exercises must be handed in. Hand-ins are marked by other students. Participants must mark as many exercises as they have handed in. If an exercise does not get a passing grade, the student can request that his exercise be marked by the lecturer.
- Dowd, M., McDonald, J., and Schuh, J. (2006). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. ISBN 0-321-44442-6. Library 005.8 Dow
- Hoglund, G. and McGraw, G. (2004). Exploiting Software: How to Break Code. ISBN 0-201-78695-8. Library 005.8 Hog
- McGraw, G. (2006). Software Security: Building Security in. ISBN 0-321-35670-5. Library 005.8 McG
Replacement course for
IMT3381 Applikasjonssikkerhet, IMT3571 Datasystemsikkerhet