Courses Starting Autumn 2020

Responsible: Tony Gorschek – Blekinge Institute of Technology

Experience of programming and design of software-intensive products and services is desirable.

The purpose of this course is to introduce the following areas: layers of security, development/operations/technology security, security “built-in”, architectural security and patterns, ROI on pre-emptive security, security risk assessment, privacy in relation to security, and usability in relation to security.

Content:

The student will learn to understand the importance of taking security aspects into account already during the planning and development of software-intensive products and services. During the course, the student will be familiarized with and get practical experience of different methods to evaluate, plan, and prepare for so-called “secure software engineering.” By taking security aspects into account as a part of product design and development, you can use different techniques and methods such as architectural patterns and good practices. The course also covers the different phases and aspects that are influenced by security, and where good engineering influences security, with security seen in three layers: engineering security, operational security, and technology-based security.
The course consists of the following parts:

  • Background to security and its influences on software engineering
  • Secure software engineering
  • Secure architectures and design
  • ROI and trade-offs between security and other quality aspects such as usability
  • Risk analysis
  • Introduction of infrastructure choices in relation to security
  • Introduction to how the choice of technologies and languages influences security

Learning outcomes:

  • Be able to account for the understanding of security aspects in secure software engineering
  • Be able to gain a detailed understanding of how to apply different methods to achieve security in software engineering
    (e.g., secure architectures)
  • Be able to account for how to apply initial security analysis and trade-offs in relation to security in the design and
    development of software-intensive product and service development
  • Be able to apply frameworks and methods, models and processes that are presented in the course with the purpose of
    engineering so-called “secure software”
  • Be able to evaluate and assess the appropriate applications of the frameworks and methods, models and processes that
    are presented in the course, including the trade-offs their application entails

Related industrial challenges addressed in the course:

  • The ability to understand the technology, operational aspects, and engineering aspects of security, although the focus of the course is on “engineering security”.
  • The ability to plan for “pre-emptive” security in the planning and development of products and services.
  • The ability to do a risk assessment and take ROI into account.
  • The ability to develop and use secure architectures that allow for a more stable base for products and services.
  • The ability to compare and weigh the benefits and costs of non-functional aspects in combination with security.
  • The ability to estimate how security aspects impact, and are impacted by, quality/non-functional aspects such as usability, performance and maintainability of a product.

More info:

  • Course title in Swedish: Säkerhet i mjukvaruintensiv produkt och tjänsteutveckling – en introduktion
  • Course code: PA2582 (at BTH) BTH-D5818 (at antagning.se or universityadmissions.se)
  • More information and how to apply at Blekinge Institute of Technology
  • Admission requirements: Admission to the course requires at least 120 credits, of which at least 90 credits are in a technical area, and a minimum of 2
    years professional experience within an area related to software-intensive product and/or service development (shown by, for example, a work certificate from an employer).
  • Next planned instance: Autumn 2020, August-31 until 2021-January-17
  • The course will run at a 25% study pace, as a distance course


Responsible: Dragos Illie – Blekinge Institute of Technology

The main objective of this course is to teach students to understand various software security problems and how to address them in a secure and controlled environment.

Experience with C/C++ programming in a UNIX environment or related is desirable.

During this course the students will gain knowledge (both theoretical and practical) of various kinds of software security problems, and of techniques that can be used to protect software from security threats. The students will also learn to understand the “modus operandi” of adversaries, which can be used for increasing software dependability.

Content
The students will also learn to understand the “modus operandi” of adversaries and recognize risky programming practices. During the course, the students will become familiar with different security mechanisms that are built into the operating systems or are provided by specific software development tools. The students will also learn to use tools and frameworks for analysis and instrumentation of source code and binaries that aid in detecting vulnerabilities or protecting the software. The course comprises the following:
  • Software security background and root causes for software vulnerabilities
  • A quick introduction to assembly programming for x86-32/64 bits
  • Mitigating memory corruption vulnerabilities as well as insecure system and library calls
  • Insecure input parsing and strategies to handle it correctly
  • Tools and frameworks for instrumentation of source code and binaries
  • State-of-the-art research in software security

Learning Outcomes

  • Explain how exploits for typical software vulnerabilities work.
  • Explain how protection mechanisms against a specific type of exploit work.
  • Review executing software systems and their source code in search of security flaws.
  • Apply the security tools and frameworks for automatic vulnerability detection that were introduced during the course.
  • Evaluate the limitations of chosen measures and protection mechanisms in relation to a specific vulnerability or security
    flaw.

Related industrial challenges addressed in the course:

  • The ability to understand how attackers exploit risky programming practices
  • The ability to detect risky programming practices
  • The ability to understand and reason about efficiency and limitations in existing software security mechanisms
  • The ability to compare and weigh the benefits and costs associated with binary analysis and instrumentation techniques

More info:

  • Course title in Swedish: Programvarusäkerhet
  • Course code: DV2595 (at BTH) BTH-D5816 (at antagning.se or universityadmissions.se)
  • More information and how to apply at Blekinge Institute of Technology
  • Admission requirements: Admission to the course requires at least 120 credits, of which at least 90 credits are in a technical area, and a minimum of 2
    years professional experience within an area related to software-intensive product and/or service development (shown by, for example, a work certificate from an employer).
  • Next planned instance: Autumn 2020, August-31 until 2021-January-17
  • The course will run at a 25% study pace, as a distance course


Responsible: Anders Carlsson – Blekinge Institute of Technology, email anders.carlsson@bth.se

Experience of operation or development of web applications and knowledge of HTTP, SQL, and PHP is desirable.

In web application security, the student should learn to understand and discover weaknesses and vulnerabilities in web applications, both on the server side and on the client side, as well as be able to develop solutions for protection and conduct tests.

Content: 

  • Basics and methods of protection in web, encryption and email protocols.
  • Web system architectures
  • Web attacks and vulnerabilities
  • Authentication / Authorization
  • Client attacks and protection in modern browsers
  • Server attacks, such as remote command execution.
    – Attack techniques and avoidance of protection, such as code reuse attacks; different versions of vulnerabilities and attacks, such as in-band, blind, out-of-band and second-order.
  • Enumeration attacks and disclosure and leakage of information
  • Remote command execution
  • Disclosure and leakage of information
  • Logical attacks
  • Development of protected sites
  • Open Web Application Security Project (OWASP) is used for implementation / testing
  • Security review of a website

Learning Outcomes:

  • be able to explain web protocols based on known vulnerabilities and weaknesses
  • be able to describe the Common Vulnerability Scoring System (CVSS) 
  • be able to explain the security aspects when using languages and frameworks, e.g. PHP, JavaScript, and SQL
  • be able to explain authentication mechanisms and counter techniques to bypass authentication
  • understand Cross-site scripting (XSS) attacks and SQL injections
  • be able to explain impacts of one or more combined vulnerabilities that limit or extend the damage given
  • be able to independently install and configure a web server for high security
  • be able to use and search open vulnerability databases (Common Vulnerability databases, CV-DB)
    to prevent and find security problems
  • be able to use best practice of known design patterns for secure web applications
  • be able to utilize OWASP where applicable
  • be able to conduct internal and external penetration testing of web applications and related infrastructure

Related industrial challenges addressed in the course:

More info:

  • Course title in Swedish: Säkerhet i Webbsystem
  • Course code: DV2596 (at BTH) BTH-D5817 (at antagning.se or universityadmissions.se)
  • More information and how to apply at Blekinge Institute of Technology
  • Admission requirements: Admission to the course requires at least 120 credits, of which at least 90 credits are in a technical area, and a minimum of 2
    years professional experience within an area related to software-intensive product and/or service development (shown by, for example, a work certificate from an employer).
  • Next planned instance: Autumn 2020, August-31 until 2021-January-17
  • The course will run at a 25% study pace, as a distance course


Entry Requirements

PROMIS courses require at least 120 credits, of which at least 90 credits are in a technical area, and a minimum of 2 years professional experience within an area related to software-intensive product and/or service development (shown by, for example, a work certificate from an employer).

Even if you don’t have the formal academic merits, you might be qualified for the course through validation. See more info below.

How to Apply and How to Complete an Employer’s Certificate

Apply via antagning.se or universityadmissions.se – application will be open until 1st September

Download a template below and add your personal details and your employer’s signature. You should then upload the certificate together with your course application on antagning.se

More information about how to apply at the bottom of the page!

How to apply for PROMIS courses

Visit antagning.se / universityadmissions.se and perform the following steps:

  1. Create a user account
  2. Search for the PROMIS courses by the name of the course or use the link in the course description on this site.
  3. Fill out and send in your application.
  4. Upload your required documents (including your Employer’s certificate for eligibility).
  5. Check your e-mail for any messages regarding your application. If you, for example, need to make up missing requirements, you will receive an e-mail and you must check your application on antagning.se
  6. Reply to any offers of admission.

How to apply without having the academic merits needed to meet the entry requirements?

Even if you don’t have the formal academic merits needed for a specific PROMIS course, your background may make it possible for you to be qualified for the course through validation.

Validation is “a process of a structured assessment, valuing, documentation and recognition of knowledge and competences that an individual has gained, irrespective of how they have been acquired”. (Government definition DS 2003:23)

This means an assessment of an individual’s knowledge and competence, regardless of how, where or when they were acquired – in the formal education system or in some other way, in Sweden or abroad, just recently or a long time ago.

If you think your knowledge and competences will qualify you for a PROMPT course, you must fill in the form “Blankett för bedömning av reell kompetens och undantag”; see https://www.antagning.se/globalassets/broschyrer-och-cases/uhr-reko-blankett_2019.pdf

For the corresponding form in English, visit http://www.promptedu.se/promptwp/wp-content/uploads/2015/11/reell_kompetens_blankett_en-GB.pdf and upload your CV, with a description of your professional background. Your CV must describe your knowledge and competences in relation to the entry requirements. If we need more information from you, we will contact you.

For more information, please contact Anna Eriksson, aes@bth.se

I want to apply to a PROMPT course, but the deadline at antagning.se has passed?

When the last day to apply has passed, it is still possible to submit a late application to courses, but please note that this only applies for courses that are open for a late application.

Once I get accepted for a course within PROMIS, what do I need to do next?

You will receive a letter of admission with information regarding how to participate in a PROMIS course. It is important that you follow the instructions given in the letter of admission.

What is a ‘Credit’ (‘hp’)?

Credits (‘Högskolepoäng’ in Swedish) are a way to measure the length and scope of academic studies. 1.5 credits correspond to one week of full-time studies (40 hours).

A course of 7.5 credits corresponds to 200 hours of studies. PROMPT courses are normally run at a pace of 25%, which means that a course of 7.5 credits or 200 hours is run over a full semester.