On the basis of
- IMT1082 - Objekt-orientert programmering
- IMT2021 - Algoritmiske metoder
- IMT2282 - Operativsystemer
Expected learning outcomes
- The students have basic knowledge on how software can be created and maintained with security in mind, i.e. deviation from expected functionality owing to interaction with an adversary.
- They understand attack patterns, e.g. buffer overflows, format string problems, command injection, and cross-site scripting.
- The students have an overview of existing techniques, classes of tools and the methods used in software development today.
- Students can apply their knowledge to problem cases in an industrial or research setting.
- They are able to identify potential threats and vulnerabilities early in a program's lifecycle and apply measures that prevent or reduce vulnerabilities in software.
- The students succeed in presenting their analyses and approaches to other developers, superiors and customers.
- Software Assurance
- Secure Software Development Lifecycle
- Coding Practices and Rules
- Source Code Analysis
- Security Testing
- Attack Patterns
Form(s) of Assessment
Written exam, 3 hours
Alphabetical Scale, A(best) – F (fail)
Evaluated by internal examiner, external examiner is used periodically every four years, next time in 2017/2018.
Re-sit examination in August.
At least 6 (six) obligatory exercise sheets must be handed in.
- Dowd, M., McDonald, J., and Schuh, J. (2006). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. ISBN 0-321-44442-6. Library 005.8 Dow
- Hoglund, G. and McGraw, G. (2004). Exploiting Software: How to Break Code. ISBN 0-201-78695-8. Library 005.8 Hog
- McGraw, G. (2006). Software Security: Building Security in. ISBN 0-321-35670-5. Library 005.8 McG
Replacement course for
IMT3381 Applikasjonssikkerhet, IMT3571 Datasystemsikkerhet