This is an introductory course on information security. The course focuses on introductory aspects of analysis, design and implementation of secure software.
Security is a fundamental aspect that is necessary to take care of in today's development of software.
The student taking this course will have an introductory knowledge on attacker models, cryptographic tools and principal security protocol from real-world scenarios.
The course addresses four major topics:
- The principal security requirements and attacker models
- The fundamental cryptographic tools in Information Security
- Primary security protocols and Internet standards (PKI, TLS)
- Practical techniques for penetrating and hardening IT-systems
Before taking this course you must:
- be familiar with computer networks
- be superficially familiar with scripting languages
- be familiar with the SQL query language
- know basic algorithms and data structures
- have implemented at least two medium-size programming projects (7.5 ECTS each)
- be able to design, implement, and test medium-sized programs in Java or C# or other mainstream languages.
- be familiar with basic discrete mathematics
Fourth-semester BSWU students fulfil these requirements. Otherwise, individual requirements can be satisfied by taking the BSWU courses or equivalent courses: (1) Mobile and Distributed systems, (3) Introduction to Database Design, (4) Algorithms and Data Structures, (5,6) Analysis, Design and Software Architecture, (7) Foundations of Computing - Discrete Mathematics.
Intended learning outcomes
After the course, the student should be able to:
- Identify, list, and discuss major principles of IT security
- Apply and relate those principles to the securing of networked server installations
- List and analyse standard attacks, especially on web applications in particular
- Describe and explain intrusion detection
- Identify, list, and explain common security pitfalls of web applications
- Identify, describe and explain basic computer forensics techniques
- Identify and describe the proper use of cryptography in security
- Analyse an IT-system for security risks and reflect on potential improvements of the system
Ordinary examExam type:
A: Written exam on premises, external (7-trinsskala)
A11: Written exam on premises. Open book exam.