4TU.CybSec Syllabus Software Security until 2015/2016 (SoS)

Credits: 5EC


Synopsis: The course studies the nature of security vulnerabilities in software systems, the techniques to detect and prevent these problems, and the embedding of these techniques in a security-aware software development process.

Learning outcomes: The student will acquire:


Examination: Written exam in WebLab (can be done on multiple sites) and homework (programming) assignments.

Contents: Software Security Vulnerabilities (buffer overflows, integer overflows, SQL injection, cross-site scripting (XSS), race conditions, bad randomness, information exposure); Principles of Secure Programming (threat modeling, defense in depth, least privilege, small/simple trusted computing base, secure failures, secure defaults, attack surface and reducing it, checklists and coding standards, code reviews); Input Validation (preventing injection attacks, XSS); Language-Based Security (memory safety, type safety, access control); Modeling Language-Based Security (static semantics, types, type checking, dynamic semantics, type soundness); Static Analysis (static analysis techniques, data flow analysis, control flow analysis); Information Flow (least privilege).

Core text: Papers & a book such as “Software Security: Building Security In” by Gary McGraw (to be confirmed)