Software Security
Study plans 2016-2017 - IMT3501 - 10 ECTS

On the basis of

  • IMT1082 - Objekt-orientert programmering
  • IMT2021 - Algoritmiske metoder
  • IMT2282 - Operativsystemer

Expected learning outcomes


  • The students have basic knowledge on how software can be created and maintained with security in mind, i.e. deviation from expected functionality owing to interaction with an adversary. 
  • They understand attack patterns, e.g. buffer overflows, format string  problems, command injection, and cross-site scripting.  
  • The students have an overview of existing techniques, classes of tools and the methods used in software development today.


  • Students can apply their knowledge to problem cases in an industrial or research setting. 
  • They are able to identify potential threats and vulnerabilities early in a program's lifecycle and apply measures that prevent or reduce vulnerabilities in software.

General competence

  • The students succeed in presenting their analyses and approaches to other developers, superiors and customers.


  • Software Assurance
  • Secure Software Development Lifecycle
  • Coding Practices and Rules
  • Source Code Analysis
  • Security Testing
  • Attack Patterns

Teaching Methods

Laboratory work
Mandatory assignments

Form(s) of Assessment

Written exam, 3 hours

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Evaluated by internal examiner, external examiner is used periodically every four years, next time in 2017/2018.

Re-sit examination

Re-sit examination in August.

Examination support


Coursework Requirements

At least 6 (six) obligatory exercise sheets must be handed in.

Teaching Materials

  • Dowd, M., McDonald, J., and Schuh, J. (2006). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. ISBN 0-321-44442-6. Library 005.8 Dow

Additional resources:

  • Hoglund, G. and McGraw, G. (2004). Exploiting Software: How to Break Code. ISBN 0-201-78695-8. Library 005.8 Hog
  • McGraw, G. (2006). Software Security: Building Security in. ISBN 0-321-35670-5. Library 005.8 McG

Replacement course for

IMT3381 Applikasjonssikkerhet, IMT3571 Datasystemsikkerhet