Information and Software Security (DAT250)
The course will provide an introduction to information security and basic knowledge about software security. Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of a malicious external act. This means that attributes such as confidentiality and integrity are taken care of, not just availability. The course will present common errors and countermeasures, and describe software activities that contribute to better software security.
Course description for study year 2024-2025
Course code
DAT250
Version
1
Credits (ECTS)
10
Semester tution start
Autumn
Number of semesters
1
Exam semester
Autumn
Language of instruction
English
Content
Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of malicious external actions. This means that attributes such as confidentiality and integrity are taken care of, not just availability. Topics covered include:
- Introduction to information security
- Authentication
- Access Control
- GDPR and privacy
- Typical attacks
OWASP top 10
- Software vulnerability
- Dependency checking
Threat Modeling
- STRIDE
- Software Security Activities - BSIMM
- Privacy by design (built-in privacy)
- Smooth software security
- Protection Poker
- Static analysis for safety
- OWASP Testing Guide
- Risk-based safety testing
Penetration Testing
- Kali Linux
- Red Team
- Bug bounties
Software cryptography
- Key Handling
- Web security
Learning outcome
Knowledge:
- Knowledge in basic information security concepts
- Know the most common methods of attacking software
- Know the most common techniques for threat modeling
Skills:
- Manage basic access control mechanisms, including role-based access control
- Use techniques to avoid the most common attacks on software
- Use static security analysis of software
- Use basic techniques for security testing of software, including penetration testing
General competence:
- Be able to develop software that, as far as possible, does not contain security vulnerabilities, by performing certain software development activities.
Required prerequisite knowledge
DAT110 Introduction to Programming
DAT120 Introduction to Programming
Recommended prerequisites
Exam
Form of assessment | Weight | Duration | Marks | Aid |
---|---|---|---|---|
Written exam | 1/1 | 4 Hours | Letter grades | None permitted |
Digital exam.