NDAA09031U Proactive Computer Security
The goal of this course is to familiarize the student with aspects of it-security. This course will be based on the offensive part of it-security and present the student with selected topics, whereby the student will acquire a basic knowledge of penetration testing.
At course completion, the successful student will have:
- The foundation of the internet including firewall functionality, IDS
- What is: portscanning, fuzzing, stack and heap overflow, shellcode
- Web security
- Tools used for it-security and their limitations
- Mitigation techniques
- Do reconnaissance of a given target
- Analysing simple web-services for security problems, especially injection attacks, and demonstrate how to fix them
- Do basic binary reverse engineering
- Describe and apply stack overflows and heap overflows, as well as counter mechanisms.
- Use and develop shellcode
Find and evaluate security issues using fuzzing, static analysis, reverse engineering, and auditing of the source code.
See Absalon when the course is set up.
The practical work in the course is based on command-line UNIX tools, thus you are expected to have access to a Linux box and have a working knowledge of how to use Linux via a command prompt.
- 7,5 ECTS
- Type of assessment
- Continuous assessmentContinuous assessment with six to eight written assignments. Each assignment will have equal weight towards to final grade, with the exception of the final assignment which will count as double. Submission in Absalon.
- Marking scale
- 7-point grading scale
- Censorship form
- No external censorship
Several internal examiners.
- Re/-submission of slightly modified mandatory assignments.
Criteria for exam assesment
See learning outcome.
- Practical exercises
- Project work