TU Delft
Education Type
Education
2015/2016 Electrical Engineering, Mathematics and Computer Science Master Computer Science
Software Security
Responsible Instructor
Name E-mail
Prof.dr. E. Visser    E.Visser@tudelft.nl
Contact Hours / Week x/x/x/x
0/2/0/0 lecture + lab
Education Period
Start Education
Exam Period
Course Language
Course Contents
Many security problems in software systems are due to careless use of unsafe programming techniques. Preventing security problems should be an integral part of the software development process. The course studies the nature of security vulnerabilities in software systems, the techniques to detect and prevent these problems, and the embedding of these techniques in a security-aware software development process.


Software Security Vulnerabilities: buffer overflows, integer overflows, SQL injection, cross-site scripting (XSS), race conditions, bad randomness, information exposure

Principles of Secure Programming: threat modeling, defense in depth, least privilege, small/simple trusted computing base, secure failures, secure defaults, attack surface and reducing it, checklists and coding standards, code reviews

Input Validation: preventing injection attacks, XSS

Language-Based Security: memory safety, type safety, access control

Modeling Language-Based Security: static semantics, types, type checking, dynamic semantics, type soundness

Static Analysis: static analysis techniques, data flow analysis, control flow analysis

Information Flow: least privilege
Study Goals
The student will acquire:

- A good understanding of the nature of security vulnerabilities in software systems
- A good understanding of principles for secure software development
- A basic understanding of security testing and dynamic analysis techniques
- A good understanding of static analysis techniques and language-based security
Education Method
Lectures + lab assignments
The grade for the course is determined by Exam + Lab Assignments

Written exam in WebLab (can be done on multiple sites) and homework (programming) assignments.