Information and Software Security (DAT250)
The course will provide an introduction to information security and basic knowledge about software security. Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of a malicious external act. This means that attributes such as confidentiality and integrity are taken care of, not just availability. The course will present common errors and countermeasures, and describe software activities that contribute to better software security.
Course description for study year 2025-2026
Course code
DAT250
Version
1
Credits (ECTS)
10
Semester tuition start
Autumn
Number of semesters
1
Exam semester
Autumn
Language of instruction
English
Admission requirements
Higher engineering education (HING)
Content
Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of malicious external actions. This means that attributes such as confidentiality and integrity are taken care of, not just availability. Topics covered include:
Introduction to information security
Authentication
Access Control
GDPR and privacy
Typical attacks
OWASP top 10
Software vulnerability
Dependency checking
Threat Modeling
STRIDE
Software Security Activities - BSIMM
Privacy by design (built-in privacy)
Smooth software security
Protection Poker
Static analysis for safety
OWASP Testing Guide
Risk-based safety testing
Penetration Testing
Kali Linux
Red Team
Bug bounties
Software cryptography
Key Handling
Web security
Learning outcome
Knowledge:
Knowledge of basic information security concepts
Know the most common methods of attacking software
Know the most common techniques for threat modeling
Skills:
Manage basic access control mechanisms, including role-based access control
Use techniques to avoid the most common attacks on software
Use static security analysis of software
Use basic techniques for security testing of software, including penetration testing
General competence:
Be able to develop software that, as far as possible, does not contain security vulnerabilities, by performing certain software development activities.
Required prerequisite knowledge
DAT110 Introduction to Programming
DAT120 Introduction to Programming
Basic programming skills are required to solve mandatory exercises.
Recommended prerequisites
Exam
Form of assessment | Weight | Duration | Marks | Aid |
---|---|---|---|---|
Written exam | 1/1 | 4 Hours | Letter grades | None permitted |
Digital exam.
Coursework requirements
There are two mandatory activities with a pass/fail assessment.
Both activities must be passed to gain access to the exam.
Course teacher(s)
Course coordinator:
Martin Gilje Jaatun
Coordinator laboratory exercises:
Ferhat Özgur Catak
Head of Department:
Tom Ryen
Method of work
2 hours lecture per week + 4 hours lecture every other week. 2 hours of lab with teaching assistant every week.