Facts

Course level: Bachelor (syklus 1)
ECTS Credits: 10
Duration: Autumn
Language of instruction: Norsk, alternativt engelsk
Academic responsibility: Faculty of Computer Science and Media Technology
Course responsibility:

Basel Katt
Associate Professor

Basel Katt

Title:
Associate Professor

Room number:
A114

E-mail:
basel.katt @ ntnu.no

Work:
61 13 51 76

Discipline:
Software Security, Security Testing, Access Control, Security Monitoring, Secure Software Development, Model driven Security

Home page:
http://www.ansatt.hig.no/baselk/

PDF utskrift

Software Security
Study plans 2016-2017 - IMT3501 - 10 ECTS

On the basis of

IMT1082 - Objekt-orientert programmering
IMT2021 - Algoritmiske metoder
IMT2282 - Operativsystemer

Expected learning outcomes

Knowledge

The students have basic knowledge on how software can be created and maintained with security in mind, i.e. deviation from expected functionality owing to interaction with an adversary.
They understand attack patterns, e.g. buffer overflows, format string problems, command injection, and cross-site scripting.
The students have an overview of existing techniques, classes of tools and the methods used in software development today.

Skills

Students can apply their knowledge to problem cases in an industrial or research setting.
They are able to identify potential threats and vulnerabilities early in a program's lifecycle and apply measures that prevent or reduce vulnerabilities in software.

General competence

The students succeed in presenting their analyses and approaches to other developers, superiors and customers.

Topic(s)

Software Assurance
Secure Software Development Lifecycle
Coding Practices and Rules
Source Code Analysis
Security Testing
Attack Patterns

Teaching Methods

Lectures
Laboratory work
Mandatory assignments

Form(s) of Assessment

Written exam, 3 hours

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Evaluated by internal examiner, external examiner is used periodically every four years, next time in 2017/2018.

Re-sit examination

Re-sit examination in August.

Examination support

Dictionary.

Coursework Requirements

At least 6 (six) obligatory exercise sheets must be handed in.

Teaching Materials

Dowd, M., McDonald, J., and Schuh, J. (2006). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. ISBN 0-321-44442-6. Library 005.8 Dow

Additional resources:

Hoglund, G. and McGraw, G. (2004). Exploiting Software: How to Break Code. ISBN 0-201-78695-8. Library 005.8 Hog
McGraw, G. (2006). Software Security: Building Security in. ISBN 0-321-35670-5. Library 005.8 McG

Replacement course for

IMT3381 Applikasjonssikkerhet, IMT3571 Datasystemsikkerhet