Course module: NWI-ISOFSE
Software Security
Course module: NWI-ISOFSE
Credits (ECTS): 6
Category: MA (Master)
Language of instruction: English
Offered by: Radboud University; Faculty of Science; Informatica en Informatiekunde
Coordinator: dr. ir. E. Poll
Contact person for the course: dr. ir. E. Poll
Lecturer: dr. ir. E. Poll
Academic year: 2018
KW1-KW2 (03/09/2018 to 27/01/2019)
Starting block
Course mode
Remarks: This is the 6 EC course. For students taking the TRU/e Security master there is a 5 EC version of this course, NWI-IMC051.
Registration using OSIRIS: Yes
Course open to students from other faculties: Yes
Waiting list: No
Placement procedure: -
At the end of the course, students:
  • can explain the common ways in which software security fails;
  • are able to identify security objectives of applications and identify likely places where they might fail;
  • can explain methods and technologies that can help in the development of secure software;
  • can apply some of these techniques in practice.
Concrete examples of attacks and countermeasures are often specific to a certain setting (a programming language and/or type of application); the aim is to provide enough insight to be able to assess problems and proposed solutions in other situations.

Bad software is probably the most important cause of computer security problems. This course is about the challenges in developing secure software and the technologies that can be used to improve software security, at the various stages in the software development life-cycle, and at various "levels", e.g. specific to an individual application or at the level of the programming language.

Additional comments
This is the 6 EC course. For students taking the TRU/e Security master there is a 5 EC version of this course, NWI-IMC051.
• Common security vulnerabilities, such as input validation problems (buffer overflows, SQL injections, etc.), race conditions, broken access control, XSS, CSRF, etc.
• Security measures in the software development life cycle: architecture, language/platform, implementation, testing, code review
• Language-based security: typing, (Java) sandboxing, untrusted code security
• Language-theoretic security (LangSec)
• Information flow
• (Tool-supported) Static Analysis
• Examples of advanced type systems, e.g. for alias control or information flow
• Program Verification and Proof-Carrying Code (PCC)
• Security testing
Test information
The final grade is based on a written exam and marks for the project assignments.
Programming skills, in particular basic knowledge of C(++) and Java.
Required materials
Lecture notes are available for part of the course.
Selected articles on other topics treated in the course are made available via the course webpage.
Instructional modes
Course occurrence


Attendance mandatory: Yes



Test weight: 5
Test type: Exam
Opportunities: Block KW2, Block KW3

Group assignment
Test weight: 4
Test type: Assignment
Opportunities: Block KW2

Individual assignment
Test weight: 1
Test type: Assignment
Opportunities: Block KW2
