Print as pdf if you want a pdf! If you want a nicer printout, click off the browser's automatically added header and footer.
Blekinge Institute of Technology
Department of Computer Science
Revision: 2
Reg.no: BTH-4.1.14-0311-2022
Course syllabus
Software Security
Software Security
7.5 credits (7,5 högskolepoäng)
Course code: DV2620
Main field of study: Computer Science, Software Engineering
Disciplinary domain: Technology
Education level: Second-cycle
Specialization: A1N - Second cycle, has only first-cycle course/s as entry requirements
Language of instruction: English
Applies from: 2022-03-01
Approved: 2022-03-01
1. Descision
This course is established by Dean 2021-12-03. The course syllabus is approved by Head of Department of Computer Science 2022-03-01 and applies from 2022-03-01.
2. Entry requirements
För tillträde till kursen krävs 90 hp varav 40 hp inom det tekniska området varav en avklarad kurs på minst 6 hp inom programmering i C, C++ eller minst 120 hp varav minst 90 hp inom det tekniska området och minst 2 års yrkeserfarenhet inom område som är relaterat till mjukvaruintensiv produkt och/eller tjänsteutveckling (visas exempelvis genom intyg från arbetsgivare).
3. Objective and content
3.1 Objective
The main purpose of the course is to understand and manage various software security problems in a safe and controlled environment. Risky programming patterns that can be exploited for nefarious purposes can cause significant financial losses and reputational damage to organizations that use or develop vulnerable products. The knowledge and skills imparted during the course are intended to limit the above-mentioned risks and are therefore important for companies and organizations where professional software is being developed.
3.2 Content
The student will learn to understand the adversary’s “modus operandi” and to identify risky programming patterns to be avoided. During the course, the student will become familiar with various security mechanisms built into operating systems or provided by specific development tools. The student will also learn to use tools for both code and binaries for purpose to understand exploitation techniques as well as protect software. The course includes the following elements:
• Background to software security and causes of vulnerabilities in software
• Quick introduction to assembler programming for x86-32/64 bit microprocessors
• Handling vulnerabilities in memory management, in system calls and calls to library functions
• Methods and measures to counter unsafe handling of input data
• Tools for analyzing source code and binaries
• Introduction to threat modeling
4. Learning outcomes
The following learning outcomes are examined in the course:
4.1. Knowledge and understanding
- explain how software vulnerability exploitation techniques work.
- explain how protection against specific exploitation techniques in software works.
- explain techniques and implementation choices that lead to safe handling of input data.
4.2. Competence and skills
- apply the tools for analysis of source code and binaries presented during the course.
4.3. Judgement and approach
- evaluate limitations of selected measures and protection mechanisms in relation to a specific vulnerability or lack of security.
5. Learning activities
The teaching takes place in the form of lectures, recorded video material, as well as own studies of fundamentals literature, research literature and other written material. During the course, communication, feedback and discussions with teachers and other participants take place via e-mail, the course's learning platform and via physical or online meetings.
6. Assessment and grading
Modes of examinations of the course
| Code | Module | Credit | Grade |
| 2210 | Written Assignments 1 | 2.5 credits | GU |
| 2220 | Written Assignments 2 | 3.5 credits | GU |
| 2230 | Written Assignments 3 | 1.5 credits | GU |
The course will be graded G Pass, UX Failed result, a little more work required, U Fail.
The information before the start of the course states the assessment criteria and make explicit in which modes of examination that the learning outcomes are assessed.
An examiner can, after consulting the Disability Advisor at BTH, decide on a customized examination form for a student with a long-term disability to be provided with an examination equivalent to one given to a student who is not disabled.
7. Course evaluation
The course evaluation should be carried out in line with BTH:s course evaluation template and process.
8. Restrictions regarding degree
The course can form part of a degree but not together with another course the content of which completely or partly corresponds with the contents of this course.
9. Course literature and other materials of instruction
Materials such as research articles and other course material are provided on the course's learning platform and via BTHs library resources, as well as recommendations for further reading.
10. Additional information
This course replaces DV2546
This is not a legal document. If you would like a copy of the legal decision regarding this course plan, contact the registrar at Blekinge Institute of Technology.