Information and Software Security (DAT250)

Content

Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of malicious external actions. This means that attributes such as confidentiality and integrity are taken care of, not just availability. Topics covered include:

• Introduction to information security
• Authentication
• Access Control
• GDPR and privacy
• Typical attacks

• OWASP top 10

  • Software vulnerability
• Dependency checking

• Threat Modeling

  • STRIDE
• Software Security Activities - BSIMM
• Privacy by design (built-in privacy)
• Smooth software security
• Protection Poker
• Static analysis for safety
• OWASP Testing Guide
• Risk-based safety testing

• Penetration Testing

  • Kali Linux
  • Red Team
  • Bug bounties

• Software cryptography

  • Key Handling
• Web security

Learning outcome

Knowledge:

• Knowledge in basic information security concepts
• Know the most common methods of attacking software
• Know the most common techniques for threat modeling

Skills:

• Manage basic access control mechanisms, including role-based access control
• Use techniques to avoid the most common attacks on software
• Use static security analysis of software
• Use basic techniques for security testing of software, including penetration testing

General competence:

• Be able to develop software that, as far as possible, does not contain security vulnerabilities, by performing certain software development activities.

Required prerequisite knowledge

Recommended prerequisites

Exam

Coursework requirements

There are two mandatory activities with a pass/fail assessment.

Both activities must be passed to gain access to the exam.

Course teacher(s)

Course coordinator:

Coordinator laboratory exercises:

Head of Department:

Method of work

Open for

Course assessment

Literature