DEVELOPMENT SECURITY APPLICATIONS (DEVSECOPS)

Modern web applications can often be described in terms of cooperation and sharing, both on the level of the users of the application and on the level of the application and the service providers. This course covers the most prevalent security challenges of web applications, from a theoretical and practical perspective.  

The purpose of this course is to introduce security practices within the Software Development Lifecycle (SDLC) at the requirements, design, implementation, verification, and after release stages of software development. This course is the guide to the cybersecurity issues arising throughout the entire development process. We consider the development from the security perspective from the beginning stage until the final release and beyond. The course is adapted to give a solid introduction to non-security-experts mainly and addresses both how professionals (developers, managers, decision-makers) can utilize security to improve (software-based) products/services, and how they are affected by security issues and challenges. Whether you are a software developer in a bank or telecom company, or you are a product manager in a gaming company, this course will be relevant for you.

Maybe you want to connect monitoring to a truck, or why not build a connected pump control? Do you want to measure temperatures, pressures or vibrations? Do you want knowledge about how to connect one of your existing products? Then this course is for you. Do you work as an engineer in the industry and want to learn how to develop an idea with IoT? Do you work as a developer at an IT company and want to learn more about the hardware and the entire infrastructure within IoT? The course is primarily aimed at those who are professionals in the engineering profession, but you do not need to be either a programmer or an electronics engineer to take advantage of the course. The content is adapted so that you can work with your specific ideas. The course is focused on providing both theoretical and practical knowledge in the field of Internet of Things. You will gain knowledge of the area's applications and definitions, and you will learn how to build an IoT device, all the way from hardware to visualization. You will have the opportunity to practically work with hardware, sensors, as well as infrastructure and security. We will work with, among other things, WiFi, BLE, LoRaWAN, SigFox, NB-IoT / LTE-M1, as well as insight into how data is transported throughout from the device to the database and then to the application. The course will be held mostly at a distance with a couple of scheduled workshops (13/9, 6/10, 27/10) either on site or online. All lectures will be available online. The course will be delivered in a flexible way to facilitate the combination of coursework with your ongoing professional commitments. You will need to buy IoT hardware before the start of the course, the cost can be different depending on the type of project, guide value is approx: SEK 1,000. The total scope of the course is normally about 80 hours.Language of instruction: EnglishThe course is free of charge

The main objective of this course is to acquaint students with existing approaches, methods, and tools of machine Learning (ML) for security as well as unveil security issues in ML itself. This course is divided into the following two parts. First, it covers security problems in Machine Learning (ML) systems, e.g., showing various types of attacks on ML systems in an applied fashion – adversarial ML. Secondly, available methods, tools and other safeguards that could be used against the different types of attacks are covered. The course includes both theoretical introductions to the different attack types and security-enhancing methods and tools, as well as more practical hands-on assignments in Python. After the course the student will have obtained basic knowledge about security-enhancing approaches, and how to use them in order to protect against various risks in ML systems and how to use ML to detect cyber attacks.

Organisations today produce a large amount of data. This course covers how to utilize that data for cybersecurity purposes. It covers topics such as how to acquire (e.g., through SIEM) and prepare security data, from collection and storage to management and analysis as well as visualization and presentation, predicting rouge behaviors, and correlate security events. How to use data science to understand and communicate security problems.

The purpose of this course is to show how fundamental testing practices are applied in the context of secure software development. The student will learn to integrate automated software testing with different approaches to verify software security, leveraging theories from continuous quality assurance in software development, as well as security best practices.The course is adapted to give a solid introduction to non-testing experts with an interest in software security, and addresses both how professionals (developers, managers, decision-makers) can incorporate security into the quality assurance process of their products/service.