HTWG Konstanz, study programmes: AIN Angewandte Informatik (Applied Computer Science), WIN Wirtschaftsinformatik (Business Information Systems), electives catalogue of other study programmes
Offered every semester
3+3 ECTS (= 90+90 hours of student work), 1+1 SWS lectures, 1+1 SWS exercises (SWS = Semesterwochenstunden, weekly contact hours over one semester)
Moodle page: https://moodle.htwg-konstanz.de/moodle/course/view.php?id=2490
Foundations of IT Security is offered in two forms, one for WIN and one for AIN students; the AIN form changes from summer term 2021:
- WIN students take Introduction to IT Security (3 ECTS, 1+1 SWS) as part of the module IT Operations („IT-Betrieb“) in their 4th semester.
- AIN students take IT-Security („IT-Sicherheit“; 6 ECTS, 2+2 SWS) as a module comprising Introduction to IT Security and Software Security in their 5th-7th semester in the software engineering specialisation of the study programme. The module is offered in the summer term only.
- Starting summer term 2021, all AIN students take Foundations of IT Security (6 ECTS, 2+2 SWS) as a module comprising Introduction to IT Security and Software Security in their 5th semester. The module will then be offered every semester.
Introduction to IT Security covers
- Goals and Principles – Data Protection, Privacy By Design, Design Principles for Secure Systems
- Security Management – ISO 2700x, BSI IT-Grundschutz (baseline protection), HR Security, Physical Security, SSDLC, Common Criteria, CVE
- Authentication – User Authentication, Passwords, Tokens, Strength of Mechanism, PKI
- Secure Operating Environments – OS Security, Access Control [DAC, RBAC, ABAC, MAC], Malware, Antivirus, Trusted Computing, Software patching
- Cryptographic Primitives and Algorithms – Symmetric Encryption, Asymmetric Encryption, AES
- Applications of Cryptography – RSA, (ECC), Digital Signatures, Electronic Signatures
- Network Security – Email Security, PKI, TLS, DH, IPv6 Security, DoS, IDS, Firewalls, Wireless Security
Software Security covers
- Software Vulnerabilities – Vulnerability Taxonomies, CWE, OWASP Top 10
- Offensive Security – CAPEC, Combination of Attacks, Violation of Assumptions, Attack Vectors, CTF
- Secure Programming – Input Handling, Defensive Programming, Threat Analysis, Data Flow Analysis, List of Banned Functions
- Source Code Analysis – Supply Chain, Dependencies, Code Review, Code Inspection, Strategies/Arbitrage, Data Flow Analysis, Vulnerability Patterns, Tools, Automation, False Positives
- Security Testing – Black Box/Grey Box/White Box, Absence/Presence of Vulnerabilities, Structured Testing, Abuse Cases, Penetration Testing, Fuzzing
- Secure Software Development Lifecycle – Principles, Practices, Activities, Integration into Development Processes, BSIMM, Software Delivery and Integrity
- Software Maintenance – Greenfield/Brownfield, Third-party Dependencies, Reliability/Security Risk Analysis, Application Firewalls, Software Patching, Patch Delivery, Patch Security, Patching and Evaluation, Incident Management and Forensics, Root Cause Analysis