Blekinge Institute of Technology, BTH, has a distinctive focus on the digitalisation of society and sustainability. BTH's task is to contribute to a more sustainable societal development through higher education, research and innovation. BTH conducts education and research in fields in which society has major needs. Through international excellence, we contribute to digital and sustainable transformation. As an institute of technology, we have a responsibility and a unique opportunity to make our contribution to both regional and national competitiveness and to global sustainability. External engagement with wider society and the private sector contributes to making us more attractive and ensuring that our education and research maintain high quality and relevance.
This course targets software professionals who aim to improve the security of the applications and services they develop through the use of cryptographic algorithms. The main focus of the course is on how to address the main goals of information security, namely confidentiality, integrity, availability, authenticity and accountability (CIA++), from a practical perspective. The course will introduce specific frameworks that can be used to implement these features using different programming languages, such as C/C++, Python and Java. In addition, the course will highlight typical pitfalls related to the implementation of these security functions.
This course focuses on how security as a field impacts, and can be applied during, the engineering of software products following continuous processes, especially agile and DevOps. The course aims to cover how to drive a secure agile and DevOps lifecycle with focus on the following components:
• People: Enablement of agile teams for security through awareness, training and coaching
• Processes: Introduction of security activities into agile and scaled agile development processes such as Scrum or SAFe. Activities are based on relevant industry security standards
• Technology: Description of security tools and technologies that can automate security activities in the agile & DevOps way of working, e.g. CI/CD pipelines.
The course provides knowledge and skills needed for defending critical infrastructure against cyber attacks. An example of such an attack is the BlackEnergy cyberattack on the Ukrainian electrical grid in 2015 by the Sandworm group (Russian GRU). This course covers security in SCADA and cyber-physical systems (CPS) as well as the applicable regulations and standards that help to ensure an audit trail.
According to OWASP, about 75% of vulnerabilities are actually application related. However, the consideration of security aspects during the various phases of software development is still in its infancy in many organizations, and the potential of security by design to build high-quality software components is not exploited. Therefore, this course provides software project managers, product owners or software architects with knowledge and skills on how to successfully integrate and continuously improve security practices in traditional and agile development processes. It teaches how to assess and apply security practices in a risk-based way during the analysis, design, implementation, verification, and operation of software products, systems and services in all types of organizations.
In web application security, the student learns to understand and discover weaknesses and vulnerabilities in web applications on both the server side and the client side, and to develop solutions for protection and conduct tests. The course is given at 50% study pace as a distance course.