SoS

4TU.CybSec Syllabus Software Security (SoS)

Credits: 5EC

Delivery: This course is not tele-lectured.

Pre-requisites: Basic knowledge of programming in C; basic knowledge of operating systems & compilers.

Synopsis: The course studies the nature of security vulnerabilities in software systems, the techniques to detect and prevent these problems by proper programming and programming languages, and their embedding in a security-aware software development process.

Learning outcomes: The student will acquire:

  • A good understanding of the nature of security vulnerabilities in software systems
  • A basic understanding of principles for secure software development and language-based security concepts
  • A good understanding of static and dynamic program analysis techniques and security testing 

Lecturer: Dr Erik Tews (UT/EWI)

Examination: Written exam and homework (programming and/or program analysis) assignments.

Contents:

  • Software Security Vulnerabilities (buffer and integer overflows, return-oriented programming, code injection (SQL, XSS), race conditions, information exposure);
  • Principles of Secure Programming (threat modeling, small/simple trusted computing base, coding standards for secure defaults & failures, least privilege, preventing injection attacks by input validation);
  • Language-Based Security (memory & type safety, access control, static and dynamic semantics, type soundness);
  • Static Analysis Techniques (control, data & information flow analysis, fuzzing and penetration testing, symbolic execution).

Core text: Book: “Software Security: Building Security In” by Gary McGraw; papers and online material.
