Information and Software Security (DAT250)

The course will provide an introduction to information security and basic knowledge about software security. Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of a malicious external act. This means that attributes such as confidentiality and integrity are taken care of, not just availability. The course will present common errors and countermeasures, and describe software activities that contribute to better software security.


Course description for study year 2024-2025. Please note that changes may occur.

Facts

Course code

DAT250

Version

1

Credits (ECTS)

10

Semester tuition start

Autumn

Number of semesters

1

Exam semester

Autumn

Language of instruction

English

Content

Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of malicious external actions. This means that attributes such as confidentiality and integrity are taken care of, not just availability. Topics covered include:

  • Introduction to information security
  • Authentication
  • Access Control
  • GDPR and privacy
  • Typical attacks
  • OWASP top 10
    • Software vulnerability
  • Dependency checking
  • Threat Modeling
    • STRIDE
  • Software Security Activities - BSIMM
  • Privacy by design (built-in privacy)
  • Smooth software security
  • Protection Poker
  • Static analysis for security
  • OWASP Testing Guide
  • Risk-based security testing
  • Penetration Testing
    • Kali Linux
    • Red Team
    • Bug bounties
  • Software cryptography
    • Key Handling
  • Web security

Learning outcome

Knowledge:

  • Knowledge in basic information security concepts
  • Know the most common methods of attacking software
  • Know the most common techniques for threat modeling

Skills:

  • Manage basic access control mechanisms, including role-based access control
  • Use techniques to avoid the most common attacks on software
  • Use static security analysis of software
  • Use basic techniques for security testing of software, including penetration testing

General competence:

  • Be able to develop software that, as far as possible, does not contain security vulnerabilities, by performing certain software development activities.

Required prerequisite knowledge

One of the following alternatives:
DAT110 Introduction to Programming
DAT120 Introduction to Programming
Basic programming skills are required to solve mandatory exercises.

Recommended prerequisites

DAT310 Web Programming

Exam

Form of assessment: Written exam
Weight: 1/1
Duration: 4 hours
Marks: Letter grades
Aid: None permitted

Digital exam.

Coursework requirements

Exercises

Course teacher(s)

Course coordinator:

Martin Gilje Jaatun

Coordinator laboratory exercises:

Ferhat Özgur Catak

Head of Department:

Tom Ryen

Method of work

2 hours of lectures per week, plus 4 hours of lectures every other week. 2 hours of lab with a teaching assistant every week.

Open for

Computer Science - Bachelor in Engineering
Admission to Single Courses at the Faculty of Science and Technology
Exchange programme at Faculty of Science and Technology

Course assessment

There must be an early dialogue between the course supervisor, the student union representative and the students. The purpose is feedback from the students for changes and adjustments in the course for the current semester. In addition, a digital subject evaluation must be carried out at least every three years. Its purpose is to gather the students' experiences with the course.

Literature

The syllabus can be found in Leganto