Software Security

2023/2024

Content, progress and pedagogy of the module

OBJECTIVES

  • To familiarise the student with current best-practices and state-of-the-art in tools, techniques, and processes for secure software development.
  • To enable the student to perform a wide spectrum of security activities required for secure software development.

Learning objectives

Knowledge

Must have knowledge about:

  • Relevant security goals for secure software development, including the “CIA triad”: confidentiality, integrity, and availability
  • Terminology and general concepts concerning software security
  • To know and be able to explain common use cases and pitfalls for key software security tools, techniques, and theories, as well as discuss inherent advantages vs. disadvantages in such use cases.
  • Typical and commonly occurring software security bugs and vulnerabilities
  • Common classes of programming language features that are difficult to use securely
  • Evaluation and assessment of potential security vulnerabilities

Skills

Must have the skills to:

  • conduct basic threat assessment for a small software project and based on this, propose relevant security goals
  • evaluate and select relevant countermeasures against identified threats for a small software project
  • plan and conduct an assessment of security aspects for a small software project, including review of architecture and code
  • evaluate and select relevant security mechanisms against commonly known attack forms
  • use commonly known security information sources to learn about new threats, types of threats, and concomitant countermeasures

Competences

Must have the competences to:

  • assess, evaluate, and propose new  tools, methods, and processes  for developing small software projects securely
  • understand new types of threats against software security and assess potential consequences and proposed countermeasures for existing projects.
  • understand and assess the effectiveness of new tools and techniques for secure software development.

 

Type of instruction

Types of instruction are listed at the start of §17; Structure and contents of the programme.

Exam

Exams

Name of examSoftware Security
Type of exam
Written or oral exam
ECTS5
Assessment7-point grading scale
Type of gradingInternal examination
Criteria of assessmentThe criteria of assessment are stated in the Examination Policies and Procedures

Facts about the module

Danish titleSoftware-sikkerhed
Module codeESNCYSK2K6
Module typeCourse
Duration1 semester
SemesterSpring
ECTS5
Language of instructionEnglish
Empty-place SchemeYes
Location of the lectureCampus Copenhagen
Responsible for the module

Organisation

Education ownerMaster of Science (MSc) in Engineering (Cyber Security)
Study BoardStudy Board of Computer Science
DepartmentDepartment of Computer Science
FacultyThe Technical Faculty of IT and Design