The course will provide an introduction to information security and basic knowledge about software security. Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of a malicious external act. This means that attributes such as confidentiality and integrity are taken care of, not just availability. The course will present common errors and countermeasures, and describe software activities that contribute to better software security.
Course description for study year 2023-2024. Please note that changes may occur.
Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of malicious external actions. This means that attributes such as confidentiality and integrity are taken care of, not just availability. Topics covered include:
Introduction to information security
GDPR and privacy
OWASP top 10
Software Security Activities - BSIMM
Privacy by design (built-in privacy)
Smooth software security
Static analysis for safety
OWASP Testing Guide
Risk-based safety testing
Knowledge in basic information security concepts
Know the most common methods of attacking software
Know the most common techniques for threat modeling
Manage basic access control mechanisms, including role-based access control
Use techniques to avoid the most common attacks on software
Use static security analysis of software
Use basic techniques for security testing of software, including penetration testing
Be able to develop software that, as far as possible, does not contain security vulnerabilities, by performing certain software development activities.
Required prerequisite knowledge
One of the following alternatives: DAT110 Introduction to Programming, DAT120 Introduction to Programming
Basic programming skills are required to solve mandatory exercises.
There must be an early dialogue between the course coordinator, the student representative and the students. The purpose is feedback from the students for changes and adjustments in the course for the current semester. In addition, a digital course evaluation must be carried out at least every three years. Its purpose is to gather the students' experiences with the course.