Foundations of IT Security (Grundlagen der IT-Sicherheit)

HTWG Konstanz, study programmes: AIN (Angewandte Informatik), WIN (Wirtschaftsinformatik), and the electives catalogue of other study programmes

Offered every semester

3+3 ECTS (=90+90 hours of student work), 1+1 SWS lectures, 1+1 SWS exercises

Moodle page: https://moodle.htwg-konstanz.de/moodle/course/view.php?id=2490

Foundations of IT Security is offered in two forms:

  • WIN students take Introduction to IT Security (3 ECTS, 1+1 SWS) as part of the module IT Operations („IT-Betrieb“) in their 4th semester.
  • AIN students take IT-Security („IT-Sicherheit“; 6 ECTS, 2+2 SWS), a module comprising Introduction to IT Security and Software Security, in their 5th to 7th semester within the software engineering specialisation of the study programme. The module is offered in the summer term only.
  • Starting with the summer term 2021, all AIN students take Foundations of IT Security (6 ECTS, 2+2 SWS), a module comprising Introduction to IT Security and Software Security, in their 5th semester. The module will then be offered every semester.

Introduction to IT Security covers

  1. Goals and Principles – Data Protection, Privacy by Design, Design Principles for Secure Systems
  2. Security Management – ISO 2700x, BSI Base Protection (IT-Grundschutz), HR Security, Physical Security, SSDLC, Common Criteria, CVE
  3. Authentication – User Authentication, Passwords, Tokens, Strength of Mechanism, PKI
  4. Secure Operating Environments – OS Security, Access Control [DAC, RBAC, ABAC, MAC], Malware, Antivirus, Trusted Computing, Software Patching
  5. Cryptographic Primitives and Algorithms – Symmetric Encryption, Asymmetric Encryption, AES
  6. Applications of Cryptography – RSA, (ECC), Digital Signatures, Electronic Signatures
  7. Network Security – Email Security, PKI, TLS, DH, IPv6 Security, DoS, IDS, Firewalls, Wireless Security

Software Security covers

  1. Software Vulnerabilities – Vulnerability Taxonomies, CWE, OWASP Top 10
  2. Offensive Security – CAPEC, Combination of Attacks, Violation of Assumptions, Attack Vectors, CTF
  3. Secure Programming – Input Handling, Defensive Programming, Threat Analysis, Data Flow Analysis, List of Banned Functions
  4. Source Code Analysis – Supply Chain, Dependencies, Code Review, Code Inspection, Strategies/Arbitrage, Data Flow Analysis, Vulnerability Patterns, Tools, Automation, False Positives
  5. Security Testing – Black Box/Grey Box/White Box, Absence/Presence of Vulnerabilities, Structured Testing, Abuse Cases, Penetration Testing, Fuzzing
  6. Secure Software Development Lifecycle – Principles, Practices, Activities, Integration into Development Processes, BSIMM, Software Delivery and Integrity
  7. Software Maintenance – Greenfield/Brownfield, Third-party Dependencies, Reliability/Security Risk Analysis, Application Firewalls, Software Patching, Patch Delivery, Patch Security, Patching and Evaluation, Incident Management and Forensics, Root Cause Analysis