DV2546 Software Security

Programme course, 7,5 Higher education credits, Second cycle, autumn semester 2022

This course is part of a programme and cannot be applied for.

The student will be provided with practical knowledge on how to find and correct software vulnerabilities that could result in severe consequences. The student will also gain insights on how to avoid many security-related pitfalls, resulting in a deepened understanding of how to secure software.

Facts

  • Type of instruction: On campus, day, part-time 50%
  • Period: 2022-October-31 until 2023-January-15
  • Education level: A1N
  • Application: This course is part of a programme and cannot be applied for.
  • Language of instruction: The language of instruction is English.
  • Location: Karlskrona
  • Main field of study: Computer Science
  • Course syllabus: Download
  • Welcome letter: This course is part of a programme and has no welcome letter.
  • Entry requirements: Admission to the course requires passing the course "Programming in UNIX environment".

Content

The course comprises the following:

  • Software security background: historical overview, why software needs to be protected, traditional techniques used.
  • Detailed analysis of different groups of software vulnerabilities, their characteristics, how adversaries can exploit them, and how to protect against them.
  • Specific problems relating to software security within a Web context in terms of threats and countermeasures.
  • Source code analysis, different methods used, and introduction to existing tools.
  • Software security research: motivation, goals, state-of-the-art, and related areas.

Learning outcomes

Knowledge and understanding

  • be able to reason about software security problems and protection techniques on both an abstract and a more technically advanced level.
  • be able to explain how software exploitation techniques, used by adversaries, function and how to protect against them.

Skills and abilities
  • be able to individually review executing software systems and their source code in search of security flaws.
  • be able to correctly address identified common security flaws relating to software in both web applications and client/server systems.
  • use the repositories of vulnerabilities to investigate and keep updated about current threats.

Course literature and other teaching material

1. Gray Hat Hacking: The Ethical Hacker's Handbook, Fifth Edition
Author: Allen Harper, Daniel Regalado, Shon Harris, Chris Eagle, Jonathan Ness, Branko Spasojevic, Ryan Linn and Stephen Sims
Publisher: McGraw-Hill Education
Published: 2018
ISBN: 9781260108415

2. The Web Application Hacker's Handbook
Author: Dafydd Stuttard, Marcus Pinto
Publisher: John Wiley & Sons
Published: 2011

Learning methods

The course consists of:

  • Lectures where the students are introduced to theories within a software security context
  • Seminars where the students in groups implement the theories, resulting in a more profound understanding of core concepts
  • Assignments with tasks about source code analysis, binary file analysis, web security and client-server security problems.

Work placement

No work placement is included in the planned learning activities. BTH aims for close contact with the surrounding community when developing courses and programmes.

Teachers

Planned learning activities

Lectures, exercises and laboratory sessions

Time allocation

On average, a student should study 200 hours to reach the learning outcomes.
This time includes all the various available learning activities (lectures, self studies, examinations, etc.).
This estimation is based on the fact that one academic year counts as 60 ECTS credits,
corresponding to an average student workload of 1 600 hours. This may vary individually.

Assessments

Component examinations for the course
Code   Title                                                       ECTS credits   Grade
1310   Web-/Client server                                          1.5            G-U
1320   Source code analysis                                        3              A-F
1330   Binary file analysis                                        1.5            A-F
1340   Identification and management of software vulnerabilities   1.5            A-F

Grading

The course will be graded A Excellent, B Very good, C Good, D Satisfactory, E Sufficient, FX Insufficient, supplementation required, F Fail.

Exams

More information about exams is found in the Student's Portal, where you also enrol for most exams.

There might be other scheduled examinations. Information regarding these examinations is available in the learning platform Canvas or at other places that the person who is responsible for the course will refer to.

Course Evaluation

The course manager is responsible for the views of students on the course being systematically and regularly gathered and that the results of the evaluations in various forms affect the form and development of the course.
