= SOSEC - Software Security = == Level == Advanced level - Second cycle course == Required knowledge == In order to take this course the student must have: * 7,5 credits in information security, for example the course ML470C Introduction to Information Security. * 90 credits in Computer and Systems Sciences or equivalent. == Short description == You will learn: Principles for designing and building secure software and e-services. * Security lifecycle: models and processes * Standards, methods, and mechanisms * Software threats and vulnerabilities * Security of modern operating systems * Secure software design principles * Secure coding principles * Verification and validation == Aim == After the course the student should be able to: * Communicate an understanding of the important methods, roles and resources for the development of secure software. * Describe common vulnerability causes, effects and ways to mitigate vulnerabilities and their effects. * Demonstrate knowledge of the relationship between the studied model and similar models. * Explain how international standards can help in the process of creating secure and reliable software. == Syllabus == In the problem of how to create secure and reliable software different relevant phenomena are studied, such as: * Secure software development processes (such as CLASP, Microsoft SDL, McGraw's 7 Touchpoints). * Computerised tools supporting the different steps and activities of these development processes (such as Static Code Checking, fuzz-testing tools). * Statistics about and compilations of known vulnerabilities, and specific methods to prevent them (such as CVE, OWASP Top Ten). * Secure architectures (such as security kernels, Trusted Computing, but also specific prevention frameworks and architectures such as ASLR). * Methods and standards for determining the reliability of secure software and those who create them (such as the Common Criteria, SSE-CMM, ISO/IEC 27034). The course follows the various stages of a selected development to illustrate the roles and relevance of such phenomena.