On the basis of
Software development skills are important; previous exposure to software security basics, e.g., as in IMT3501 Software Security, is helpful.
Expected learning outcomes
Students who have completed this course are expected to possess thorough knowledge of current software security challenges, well-known vulnerabilities, attack methods, secure software engineering principles, and strategies to avoid vulnerabilities. They can apply their knowledge to situations and tools addressed in the course and are able to transfer their skills to new application areas in their workplace or further academic studies.
Students can explain why and how protection methods work and are able to determine the limits of protection. They can gather information on the state of research and practice and discuss a current issue of software security in an independently written report under ephemeral guidance.
In lab exercises students demonstrate contributions to innovation by solving challenging tasks and by improving software artifacts in maintenance settings.
- Goals and technical trends of software security.
- System design.
- Software vulnerabilities.
- Code reviews.
- Software security testing.
PBL (Problem Based Learning)
Teaching Methods (additional text)
The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement that best fits her/his own requirements. The lectures in the course will be given on campus and are open to both categories of students. All the lectures will also be available on the Internet through GUC's learning management system (ClassFronter).
Form(s) of Assessment
Evaluation of Project(s)
Form(s) of Assessment (additional text)
Assessment of one project. This includes submission of a written report, presentation of the findings of the report, and answering questions on the presentation raised by the audience. Remote students may pre-record their presentation so that it can be played in class.
Alphabetical Scale, A (best) – F (fail)
One internal examiner. An external examiner will be used every 4th year. Next time in the academic year 2014/2015.
Students who fail can submit one new report based on a topic assigned by the instructor.
Students are expected to attend presentations given by other students in class and to engage in discussion following presentations. Remote students are expected to read other students' presentation material and to provide short feedback in written form.
Book: Dowd, M., McDonald, J., and Schuh, J. (2006). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. ISBN 0-321-44442-6. Library 005.8 Dow
Scientific articles as supplied by the instructor during the course