Startseite > Fachgruppen > Softwaretechnik > Lehre > Vorlesungsarchiv > WS 2016/17 > Secure Software Engineering WS2016/2017

Secure Software Engineering WS2016/2017

Course material

The slides and exercise sheets will be uploaded after each lecture on the course's KoaLA page.

Final Exam

Date and Time:

Thursday, March 2nd, 9:00


L1 and L1.202

We provide a seating plan in koaLA. Please check this plan to find your room and seat number.

Further Information:

  • The exam will be given in English. Answers in German will be permitted.
  • The use of a English-Deutsch dictionary is permitted.

Time and place

The teaching language will be English. Questions in German will be permitted.
The exam will be given in English. Answers in German will be permitted.


Tue 16:00-18:00 at D2

A preliminary schedule is available here.

Exercise classes:

The exercise classes will be held every two weeks.

Tue 11:00-13:00 at N 4 232 - starting: 08.11
Tue 14:00-16:00 at B 2 - starting: 08.11
Thu 14:00-16:00 at Q 1 219 - starting: 27.10

Registering and asking questions

To attend the course, you have to register in the PAUL system as a participant. To ask questions, please use the discussion forum in KOALA, so that others can benefit from the answers as well.


What does it take to engineer software systems securely? This is the key question we wish to address in this course. Answering it requires to develop an understanding of the following key areas of secure software engineering: threat modeling, secure design, secure coding, security validation, secure deployment and maintenance. In this course we will be covering those areas in an example-driven style, discussing current techniques applicable to those areas and lessons learned from concrete real-world security breaches.


Participants are expected to have completed or nearly completed the first section of the Bachelor degree. On top of that there are no special prerequisites for this course.


In each lecture we will (1) discuss one or two "Vulnerabilities of the day" and (2) discuss crucial elements of a Secure Software Development Lifecycle, including:

  • Threat modeling
  • Risk analysis
  • Architectural security
  • Secure coding
  • Secure configuration and deployment
  • Updates and maintenance

Learning outcomes

After having attended this course, participants will have developed a solid understanding of the most important aspects of secure software engineering. This includes the ability to identify and model threats to software systems, to avoid the most common classes of vulnerabilities, and to identify and apply techniques and tools to avoid or identify the introduction of security vulnerabilities.

Recommended reading material

We will not be able to provide a script for this course.
However, a lot of the topics are also covered in the book:

Gary McGraw Software Security: Building Security which you can access within the university network.