Course module: 201600051
Software Security
Course info
Course module: 201600051
Credits (ECTS): 5
Course type: Course
Language of instruction: English
Contact person: prof.dr. J.C. van de Pol
E-mail: j.c.vandepol@utwente.nl
Lecturer(s):
  • prof.dr. J.C. van de Pol (Lecturer)
  • prof.dr. J.C. van de Pol (Contact person for the course)
Academic year: 2016
Starting block: 1B
Application procedure: You apply via OSIRIS Student
Registration using OSIRIS: Yes
Learning goals
The student will acquire:
  • A good understanding of the nature of security vulnerabilities in software systems
  • A basic understanding of principles for secure software development and language-based security concepts
  • A good understanding of static and dynamic program analysis techniques and security testing 
Content
Synopsis:
The course studies the nature of security vulnerabilities in software systems, the techniques to detect and prevent these problems by proper programming and programming languages, and their embedding in a security-aware software development process.

Contents:
  • Software Security Vulnerabilities (code injection (SQL, XSS), buffer and integer overflows, race conditions, information exposure);
  • Principles of Secure Programming (threat modeling, small/simple trusted computing base, coding standards for secure defaults & failures, preventing injection attacks by input validation);
  • Language-Based Security (memory & type safety, access control, static and dynamic semantics, type soundness);
  • Static Analysis Techniques (control flow analysis, data flow analysis, information flow, least privilege).
Core text:
Papers & a book such as “Software Security: Building Security In” by Gary McGraw (to be confirmed)
Assumed previous knowledge
-
PARTICIPATING STUDY
M-CSC
Required materials
-
Recommended materials
-
Instructional modes
Lecture

Tests
Exam

Remark
Written exam and homework (programming and/or program analysis) assignments.
