Course module: 201600051
Software Security
Course info
Course module: 201600051
Credits (ECTS): 5
Course type: Course
Language of instruction: English
Contact person: prof.dr. J.C. van de Pol
E-mail: j.c.vandepol@utwente.nl
Lecturer(s)
Contact person for the course
prof.dr. J.C. van de Pol
Lecturer
prof.dr. J.C. van de Pol
Academic year: 2017
Starting block: 1B
Application procedure: You apply via OSIRIS Student
Registration using OSIRIS: Yes
Learning goals
The student will acquire:
  • A good understanding of the nature of security vulnerabilities in software systems
  • A basic understanding of principles for secure software development and language-based security concepts
  • A good understanding of static and dynamic program analysis techniques and security testing 
Content
Synopsis:
The course studies the nature of security vulnerabilities in software systems, the techniques to detect and prevent these problems by proper programming and programming languages, and their embedding in a security-aware software development process.

Contents:
  • Software Security Vulnerabilities (buffer and integer overflows, return oriented programming, code injection (SQL, XSS), race conditions, information exposure);
  • Principles of Secure Programming (threat modeling, small/simple trusted computing base, coding standards for secure defaults & failures, least privilege, preventing injection attacks by input validation);
  • Language-Based Security (memory & type safety, access control, static and dynamic semantics, type soundness);
  • Static Analysis Techniques (control, data & information flow analysis, fuzzing and penetration testing, symbolic execution).

Core text:
Book: “Software Security: Building Security In” by Gary McGraw
Papers & online-material
Assumed previous knowledge
Basic knowledge of programming in C; basic knowledge of operating systems/compilers
Previous knowledge can be gained by
BSc courses, like the modules on software systems and computer systems
Resources for self study
Basic tutorial, like https://www.cprogramming.com/tutorial/c-tutorial.html
PARTICIPATING STUDY
M-CSC
Required materials
-
Recommended materials
-
Instructional modes
Lecture

Tests
Exam

Remark
Written exam and homework (programming and program analysis) assignments.
