Blekinge Institute of Technology, BTH, has a distinctive focus on the digitalisation of society and sustainability.<br> BTH’s task is to contribute to a more sustainable societal development through higher education, research and innovation. BTH conducts education and research in fields in which society has major needs.<br> Through international excellence, we contribute to digital and sustainable transformation. As an institute of technology, we have a responsibility and a unique opportunity to make our contribution to both regional and national competitiveness and to global sustainability.<br> External engagement with wider society and the private sector contribute to making us more attractive and ensuring that our education and research maintain high quality and relevance.<br>
Every sector of the global economy relies on software. This makes software one of the principal targets for state-sponsored groups, military, criminals and other type of adversaries. Such attacks try to exploit insecure code, that is seemingly innocent bugs, which allow the adversaries to obtain unauthorized access to information or to take full control of compromised systems. The purpose of this course is to train software professionals in understanding in depth how insecure code can be exploited. In addition, it will equip them with knowledge in how to defend against this type attacks. The course begins by analyzing technical, psychological, and real-world factors that lead to production of vulnerable code. This is important knowledge for both developers and managers as it allows them to take actions that mitigate the impact of these factors, both when programming is performed but also during project management. Software exploits use specially crafted input data to applications and services to leverage logic flaws in the code that processes the input. Typically, the exploits overwrite specific structures in the program memory space, which allows them to bypass access control mechanisms and/or execute code provided as part of the input data. Therefore, a large part of the course is dedicated to understanding how exploits are constructed, essentially learning attackers’ “modus operandi”.
Web application security encompasses that the student should learn to understand and discover weaknesses and vulnerabilities in web applications both on the server side and on the client side as well as be able to develop solutions for protection and conduct tests.