
Information and software security DAT250

The course will provide an introduction to information security and basic knowledge about software security. Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of a malicious external act. This means that attributes such as confidentiality and integrity are taken care of, not just availability. The course will present common errors and countermeasures, and describe software activities that contribute to better software security.


Course description for study year 2021-2022

Facts
Course code

DAT250

Version

1

Credits (ECTS)

10

Semester tuition start

Autumn

Number of semesters

1

Exam semester

Autumn

Language of instruction

English, Norwegian

Offered by

Faculty of Science and Technology, Department of Electrical Engineering and Computer Science

Learning outcome

Knowledge:

  • Knowledge in basic information security concepts
  • Know the most common methods of attacking software
  • Know the most common techniques for threat modeling

Skills:

  • Manage basic access control mechanisms, including role-based access control
  • Use techniques to avoid the most common attacks on software
  • Use static security analysis of software
  • Use basic techniques for security testing of software, including penetration testing

General competence:

  • Be able to develop software that, as far as possible, does not contain security vulnerabilities, by performing certain software development activities.
Content
Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of malicious external actions. This means that attributes such as confidentiality and integrity are taken care of, not just availability. Topics covered include:
  • Introduction to information security
  • Authentication
  • Access Control
  • GDPR and privacy
  • Typical attacks
  • OWASP top 10 Software vulnerability
  • Dependency checking
  • Threat Modeling STRIDE
  • Software Security Activities - BSIMM
  • Privacy by design (built-in privacy)
  • Smooth software security
  • Protection Poker
  • Static analysis for safety
  • OWASP Testing Guide
  • Risk-based safety testing
  • Penetration Testing, Kali Linux, Red Team, Bug bounties
  • Software cryptography Key Handling
  • Web security
Required prerequisite knowledge
ING100 Introductory course for engineers - Computer science and electrical engineering
Basic programming skills are required to solve mandatory exercises.
Recommended prerequisites
DAT110 Introduction to Programming
Exam

Assignments and written exam

Form of assessment | Weight | Duration | Marks | Aid
Assignments        | 4/10   |          | A - F |
Written exam       | 6/10   | 4 Hours  | A - F | None permitted

Course teacher(s)
Course coordinator: Martin Gilje Jaatun
Head of Department: Tom Ryen
Method of work
2 hours lecture per week + 4 hours lecture every other week. 2 hours of lab with teaching assistant every week.
Open for
  • Computer Science - Bachelor's degree programme in computer science
  • Admission to Single Courses at the Faculty of Science and Technology
  • Exchange programme at Faculty of Science and Technology
Course assessment
Form and/or discussion.
Literature
The syllabus can be found in Leganto