Course module: NWI-IMC051
Software Security
Credits (ECTS): 5
Category: MA (Master)
Language of instruction: English
Offered by: Radboud University; Faculty of Science; Informatica en Informatiekunde
Lecturer: dr. ir. E. Poll
Contact person for the course: dr. ir. E. Poll
Academic year: 2017
Starting block: KW1-KW2 (04/09/2017 to 04/02/2018)
Remarks: This is the 5 ec course for the TRU/e Security master. The 6 ec course for the old programme is NWI-ISOFSE.
Registration using OSIRIS: Yes
Course open to students from other faculties: Yes
Waiting list: No
Placement procedure: -
At the end of the course students
  • can explain the common ways in which software security fails;
  • are able to identify security objectives of applications and identify likely places where they might fail;
  • can explain methods and technologies that can help in the development of secure software;
  • can apply some of these techniques in practice.
Concrete examples of attacks and countermeasures are often specific to a certain setting (a programming language and/or type of application); the aim is to provide enough insight to be able to assess problems and proposed solutions in other situations.
Bad software is probably the most important cause of computer security problems. This course is about the challenges in developing secure software and the technologies that can be used to improve software security, at the various stages in the software development life-cycle and at various "levels", e.g. specific to an individual application or at the level of the programming language.
Lecture notes are available for part of the course. Selected articles on other topics treated in the course are made available via the course webpage.
Interesting background material to read can be found in the following books:

• Building Secure Software, by John Viega and Gary McGraw. Addison-Wesley, 2002.
• Secure Coding: Principles & Practices, by Mark G. Graff and Kenneth R. van Wyk. O'Reilly, 2003.
• The 24 Deadly Sins of Software Security, by Michael Howard, David LeBlanc and John Viega, McGraw-Hill, 2009.

which are all available in the library.
Teaching formats

• 32 hours lecture
• 40 hours group project work without guidance
• 6 hours individual project work without guidance
• 62 hours individual study period

Extra information on teaching methods: Weekly lectures and project assignments. The project work consists of assignments in which students analyse more or less realistic pieces of code for potential security flaws using various techniques and tools.
Additional comments
This course is an obligatory course in the security master specialisation. As of 2015, it is 5 ec. Students who need 6 ec to complete their curriculum can obtain an extra ec by doing some project work in relation to this course of the specialisation they are taking.
• Common security vulnerabilities, such as input validation problems (buffer overflows, SQL injections, etc.), race conditions, broken access control, XSS, CSRF, etc.
• Security measures in the software development life cycle: architecture, language/platform, implementation, testing, code review
• Language-based security: typing, (Java) sandboxing, untrusted code security
• Language-theoretic Security (LangSec)
• (Tool-supported) Static Analysis
• Examples of advanced type systems, e.g. for alias control or information flow
• Program Verification and Proof-Carrying Code (PCC)
• Security testing
Test information
Written exam and project work
Programming skills, in particular basic knowledge of C(++) and Java.
Recommended materials
Lecture notes are available for part of the course.
Selected articles on other topics treated in the course are made available via the course webpage.
Instructional modes: Course occurrence

Test weight: 1
Opportunities: Block KW2, Block KW4
