Close Help Print Course module: NWI-ISOFSE NWI-ISOFSE Software Security Course info Schedule Course module NWI-ISOFSE Credits (ECTS) 6 Category MA (Master) Language of instruction English Offered by Radboud University; Faculty of Science; Informatica en Informatiekunde; Lecturer(s) Coordinator dr. ir. E. Poll Other course modules lecturer Lecturer dr. ir. E. Poll Other course modules lecturer Contactperson for the course dr. ir. E. Poll Other course modules lecturer Examiner dr. ir. E. Poll Other course modules lecturer Academic year 2019 Period KW1-KW4   (02/09/2019 to 30/08/2020) Starting block KW1 Course mode full-time Remarks This is the 6EC course. For students taking the TRU/e Security master there is a 5 EC version of this course, NWI-IMC051 Registration using OSIRIS Yes Course open to students from other faculties Yes Pre-registration No Waiting list No Placement procedure - Aims At the end of the course students can explain the common ways in which software security fails; are able to identify security objectives of applications and identify likely places where they might fail; can explain methods and technologies that can help in the development of secure software; can apply some of these techniques in practice. Concrete examples of attacks and countermeasures are often specific to a certain setting (a programming language and/or type of application); the aim provide enough insight to be able to assess problems and proposed solutions in other situations.   Content Software is THE most important cause of computer security problems. This course is about the challenges in developing secure software and the technologies that can be used to improve software security, at the various stages in the software development life-cycle, and at various "levels", eg. specific to an individual application or at the level of the programming language.   Level Presumed foreknowledge Programming skills, in particular basic knowledge of C(++) and Java. Test information The final grade is based on a written exam and marks for the project assignments. Specifics This is the 6 EC course. For students taking the TRU/e Security master there is a 5EC version of this course, NWI-IMC051. Additional comments This is the 6 EC course. For students taking the TRU/e Security master there is a 5EC version of this course, NWI-IMC051. Topics • Common security vulnerabilities, such as input validation problems (buffer overflows, SQL injections, etc.), race conditions, broken access control, XSS, CSRF, etc. • Security measures in the software development life cycle: architecture, language/platform, implementation, testing, code review • Language-based security: typing, (Java) sandboxing, untrusted code security • Language-theoretic security (LangSec) • Information flow • (Tool-supported) Static Analysis • Examples of advanced type systems, e.g. for alias control or information flow • Program Verification and Proof-Carrying Code (PCC) • Security testing Test information The final grade is based on a written exam and marks for the project assignments. Prerequisites Programming skills, in particular basic knowledge of C(++) and Java. Required materials Reader Lecture notes are available for part of the course Articles Selected articles on other topics treated in the course are made available via the course webpage Instructional modes Course occurrence Exam Q4 Lecture Presentation Attendance Mandatory Yes Project Resit EXam Q4 Zelfstudie Tests Exam Test weight 5 Test type Exam Opportunities Block KW2, Block KW4 Group assignment Test weight 4 Test type Assignment Opportunities Block KW2 Individual assignment Test weight 1 Test type Assignment Opportunities Block KW2 Close Help Print