IKT522 Software Security and Ethical Hacking
- ECTS Credits:
- 7.5
- Responsible department:
- Faculty of Engineering and Science
- Course Leader:
- Christian Auby
- Lecture Semester:
- Autumn
- Teaching language:
- Norwegian (there may be some English content)
- Duration:
- 1 term
The course is connected to the following study programs
- Cyber Security, Master’s Programme
Teaching language
Norwegian (there may be some English content)Recommended prerequisites
IKT447-G Trust, Threats, Risk and Vulnerability, or the equivalent.
Basic knowledge of programming in Python (opt. C, C++ or Java) is expected. Knowledge of Linux is an advantage.
Course contents
The course gives an overview of the most common design and implementation flaws. This is seen in the context of coding standards (SEI/CERT and MISRA) and includes the use of the National Vulnerability Database, etc., CVSS rankings and CERT recommendations. There will also be a brief introduction to the programming language Rust. Rust is a modern language with mechanisms and abstractions that help prevent the most common security vulnerabilties.
Part two of the course is focused on using Kali Linux and penetration testing tools. There will be some practical hacking and there will be an emphasis on ethical aspects of hacking and penetration testing. Method and professionalism in the implementation will be given weight, including use of test and production environments.
Learning outcomes
On successful completion of the course, the students should have:
- knowledge of common principles of secure coding
- practical experience with the MISRA C (2012) embedded coding standard
- insight into the “OWASP Top 10” and similar vulnerability lists
- insight into the ethical and legal sides of hacking and pentesting
- practical experience and theoretical knowledge of Kali Linux
- practical experience with standard pentest tools
Examination requirements
Compulsory assignments and presentations must be approved. Information about compulsory assignments will be given in Canvas at the start of the course.
Teaching methods
The course includes lectures, exercises, and compulsory group work. It also includes a large project. The total expected workload is estimated to be approximately 210 hours.
Evaluation
The person responsible for the course decides, in cooperation with student representative, the form of student evaluation and whether the course is to have a midway or end of course evaluation in accordance with the quality system for education, chapter 4.1.
Offered as Single Standing Module
Yes. Subject to availability or capacity.
Admission Requirement if given as Single Standing Module
Admission requirements for the course are the same as for the master’s programme in Cyber Security, the Security Technologies profile.
Assessment methods and criteria
Project report done in groups. Individual, graded assessment. Information on the content of the project report and presentation will be given in Canvas at the start of the semester.