DV2639 - Software Security - Blekinge Institute of Technology

1. Descision

This course is established by Dean 2023-05-03. The course syllabus is approved by Head of Department of Computer Science 2026-03-04 and applies from 2026-03-04.

2. Entry requirements

Admission to the course require 30 credits in Computer Science, Software Engineering or equivalent, including courses in Basic Programming, 5 credits, Object Oriented Programming, 5 credits, Algorithms and Data structures, as well as data communication or data networks, 5 credits. English 6.

3. Objective and content

3.1 Objective

Through this course the students have the opportunity to understand and manage various software security problems in a secure and controlled environment. Risky programming patters that can be exploited for malicious purposes can cause significant financial losses and damage the reputation for organizations that use or develop vulnerable products.

3.2 Content

Background for software security and for causes for vulnerabilities in software
Short introduction to assembly programming for x86-32/64 bits microprocessors
Mitigating memory corruption vulnerabilities as well as unsecure system- and library calls
Methods to counteract insecure processing of input data
Tools for analysis of source code and binaries
Introduction to threat modelling for software

4. Learning outcomes

The following learning outcomes are examined in the course:

4.1. Knowledge and understanding

On completion of the course, the student will be able to:

Demonstrate knowledge about how to exploit for software vulnerabilities
Demonstrate knowledge about how protection mechanisms against a specific type of exploits work
Explain techniques and implementation choices that lead to secure processing of input data

4.2. Competence and skills

On completion of the course, the student will be able to:

Apply fundamental techniques for exploiting vulnerabilities in software
Configure and use protection mechanisms against software exploits
Use the tools presented in the course for analysis of source code and binaries

5. Learning activities

The teaching is organised around lectures, pre-recorded videos, together with written material, literature, research literature, and other written material. Throughout the course, communication, feedback, and discussions with teachers and fellow participants will take place through e-mail, the course’s online learning platform as well as via physical and online meetings.

6. Assessment and grading

Modes of examinations of the course

Code	Module	Credit	Grade
2610	Written Assignment 1	2.5 credits	GU
2620	Written Assignment 2	3.5 credits	GU

The course will be graded G Pass, UX Failed result, a little more work required, U Fail.

The examiner may carry out oral follow-up of written examinations.

The information before the start of the course states the assessment criteria and make explicit in which modes of examination that the learning outcomes are assessed.

An examiner can, after consulting the Disability Advisor at BTH, decide on a customized examination form for a student with a long-term disability to be provided with an examination equivalent to one given to a student who is not disabled.

7. Course evaluation

The course evaluation should be carried out in line with BTH:s course evaluation template and process.

8. Restrictions regarding degree

The course can form part of a degree but not together with another course the content of which completely or partly corresponds with the contents of this course.

9. Course literature and other materials of instruction

“Gray Hat Hacking The Ethical Hacker's Handbook”, 5th Edition, 2018 by Daniel Regalado et.al. ISBN: 9781260108422. The book in digital form is available free of charge for BTH students: https://learning.oreilly.com/library/view/gray-hat-hacking/9781260108422 (single sign-on via https://bibliotek.bth.se/databases?q=o%27reilly).

Course syllabus