Each module contains 3 ECTS. You choose a total of 10 modules/30 ECTS in the following module categories:
- 12-15 ECTS in technical scientific modules (TSM)
TSM modules teach profile-specific specialist skills and supplement the decentralised specialisation modules. - 9-12 ECTS in fundamental theoretical principles modules (FTP)
FTP modules deal with theoretical fundamentals such as higher mathematics, physics, information theory, chemistry, etc. They will teach more detailed, abstract scientific knowledge and help you to bridge the gap between abstraction and application that is so important for innovation. - 6-9 ECTS in context modules (CM)
CM modules will impart additional skills in areas such as technology management, business administration, communication, project management, patent law, contract law, etc.
In the module description (download pdf) you find the entire language information per module divided into the following categories:
- instruction
- documentation
- examination
This module teaches two aspects of IT security. The first part deals with secure software, focusing on developing secure software and exploiting defects in software. The second part deals with several advanced security technologies, which includes authentication, access control, network security devices, and operating system security.
Prerequisites
This module assumes that students have a working knowledge of basic security technologies such as cryptology, secure communication protocols, and access control mechanisms (which amounts to approx. a 4 ECTS bachelor module). See e.g.: William Stallings, Network Security Essentials: Applications and Standards. We also assume that students have a working knowledge in a general purpose programming language such as Java, C, or similar and are familiar with modern software development processes.
Learning Objectives
- The students know and understand the secure development lifecycle and are capable of developing secure software.
- The students can analyze software with respect to security and can exploit vulnerabilities.
- The students can employ threat modeling to identify threats and use this to define security requirements.
- The students know and understand advanced authentication and access control methods including identity federations.
- The students understand the underlying principles of application layer firewalls and intrusion detection/prevention systems.
- The students are able to apply the current network access control standards to establish trust in client platforms.
Contents of Module
The module consists of 2 main topics, Software Security and Security Technologies. Each covers 6-8 weeks.
- Main topic 1: Software Security. The skills taught here are applicable to any software project and therefore include web applications, web services, and mobile applications.
- Introduction to software security (motivation, secure development lifecycle)
- Finding and exploiting vulnerabilities in software (e.g. web applications) by combining manual methods and tools
- Developing secure software (e.g. web applications and web services)
- Security requirements engineering and threat modeling
- Main topic 2: Security Technologies. The skills taught here are applicable to a wide range of scenarios, and include Internet and operating system security.
- Advanced access control and authentication methods and federated identities
- Application level firewalls and intrusion detection/prevention systems
- Internet security, e.g., network access control
- Operating system security and trusted platforms
Teaching and Learning Methods
- Lecture: Ex cathedra teaching
- Exercises/self-study: reading texts about security topics, some self-study, mainly about web application development frameworks; practical exercises (computer-based); theoretical exercises
Literature
Lecture slides, references to Internet sources and textbooks
Download full module description
Back