Module Description

Module: Software Security

Courses:

Title               Type                        Hrs/Week   Period
Software Security   Lecture                     2          Winter Semester
Software Security   Recitation Section (small)  2          Winter Semester

Module Responsibility:

Prof. Dieter Gollmann

Admission Requirements:

None

Recommended Previous Knowledge:

Familiarity with C/C++, web programming

Educational Objectives:

Professional Competence

Theoretical Knowledge

Students can

  • name the main causes for security vulnerabilities in software
  • explain current methods for identifying and avoiding security vulnerabilities
  • explain the fundamental concepts of code-based access control

Capabilities

Students are capable of

  • performing a software vulnerability analysis
  • developing secure code

Personal Competence

Social Competence

None

Autonomy

Students are capable of acquiring knowledge independently from professional publications, technical standards, and other sources, and are capable of applying newly acquired knowledge to new problems.

ECTS-Credit Points Module:

6 ECTS

Examination:

Written exam

Workload in Hours:

Independent Study Time: 124, Study Time in Lecture: 56


Course: Software Security

Lecturer:

Dieter Gollmann

Language:

English

Period:

Winter Semester

Content:

  • Reliability and Software Security
  • Attacks exploiting character and integer representations
  • Buffer overruns
  • Vulnerabilities in memory management: double free attacks
  • Race conditions
  • SQL injection
  • Cross-site scripting and cross-site request forgery
  • Testing for security; taint analysis
  • Type safe languages
  • Development processes for secure software
  • Code-based access control

Literature:

M. Howard, D. LeBlanc: Writing Secure Code, 2nd edition, Microsoft Press (2002)

G. Hoglund, G. McGraw: Exploiting Software, Addison-Wesley (2004)

L. Gong, G. Ellison, M. Dageforde: Inside Java 2 Platform Security, 2nd edition, Addison-Wesley (2003)

B. LaMacchia, S. Lange, M. Lyons, R. Martin, K. T. Price: .NET Framework Security, Addison-Wesley Professional (2002)

D. Gollmann: Computer Security, 3rd edition (2011)