Course

Information and Software Security (DAT250)

Facts

Course code DAT250

Credits (ECTS) 10

Semester tuition start Autumn

Language of instruction English

Number of semesters 1

Exam semester Autumn


Introduction

The course will provide an introduction to information security and basic knowledge about software security. Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of a malicious external act. This means that attributes such as confidentiality and integrity are taken care of, not just availability. The course will present common errors and countermeasures, and describe software activities that contribute to better software security.

Content

Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of malicious external actions. This means that attributes such as confidentiality and integrity are taken care of, not just availability. Topics covered include:

  • Introduction to information security
  • Authentication
  • Access Control
  • GDPR and privacy
  • Typical attacks
  • OWASP top 10
    • Software vulnerability
  • Dependency checking
  • Threat Modeling
    • STRIDE
  • Software Security Activities - BSIMM
  • Privacy by design (built-in privacy)
  • Smooth software security
  • Protection Poker
  • Static analysis for safety
  • OWASP Testing Guide
  • Risk-based safety testing
  • Penetration Testing
    • Kali Linux
    • Red Team
    • Bug bounties
  • Software cryptography
    • Key Handling
  • Web security

Learning outcome

Knowledge:

  • Knowledge of basic information security concepts
  • Know the most common methods of attacking software
  • Know the most common techniques for threat modeling

Skills:

  • Manage basic access control mechanisms, including role-based access control
  • Use techniques to avoid the most common attacks on software
  • Use static security analysis of software
  • Use basic techniques for security testing of software, including penetration testing

General competence:

  • Be able to develop software that, as far as possible, does not contain security vulnerabilities, by performing certain software development activities.

Required prerequisite knowledge

  • Introduction to Programming (DAT110)

or

  • Programming fundamentals (DAT120)

Basic programming skills are required to solve mandatory exercises.

Recommended prerequisites

Databases and Web programming (DAT130), Web Programming (DAT310)

Exam

Written exam

Weight 1/1

Duration 4 Hours

Marks Letter grades

Aid None permitted

Digital exam.

When artificial intelligence is used in assessments, the student must document this by completing and submitting the self-declaration form. If you submit text, calculations, etc. that are directly copied from an AI writing tool, this will be regarded as presenting the work of others as your own and therefore constitutes cheating.

Coursework requirements

Exercises

Two obligatory assignments have to be completed and approved to be able to take the exam.

Assignment 1: Find security bugs, flaws and vulnerabilities in the application "Social insecurity"

Assignment 2: Fix bugs, flaws and vulnerabilities that were found in assignment 1

Method of work

2 hours lecture per week + 4 hours lecture every other week. 2 hours of lab with teaching assistant every week.

Open for

  • Battery and Energy Engineering
  • Civil Engineering
  • Computer Science
  • Computer Science, Part-Time
  • Electrical Engineering, Vocational Path
  • Electrical Engineering, Part-Time
  • Electrical Engineering
  • Energy and Petroleum Engineering
  • Geosciences and Energy Resources
  • Environmental Engineering
  • Mechanical Engineering
  • Medical Technology
  • Medical Technology - Part-Time
  • Industrial Economics
  • Exchange programme at The Faculty of Science and Technology

Course assessment

The faculty decides whether early dialogue will be held in all courses or in selected groups of courses. The aim is to collect student feedback for improvements during the semester. In addition, a digital course evaluation must be conducted at least every three years to gather students’ experiences.
The course description is retrieved from FS (Felles studentsystem). Version 1