Academic year 2018/2019 Syllabus of previous years
Official course title SECURITY 2
Course code CM0475 (AF:274861 AR:159102)
Modality Blended (on campus and online classes)
ECTS credits 6 out of 12 of SECURITY
Degree level Master's Degree Programme (DM270)
Educational sector code INF/01
Period 2nd Semester
Course year 1
Moodle Go to Moodle page
Contribution of the course to the overall degree programme goals
This course aims at introducing basic concepts and techniques for the development of secure systems and networks. In the first part of the course, we will cover program exploitation, system, network and web security. In the second part of the course, we will apply the theory in a laboratory of "ethical hacking" in which students will have to attack other teams while defending their own system from other teams' attacks. The first part is preparatory for the second one.
Expected learning outcomes
- knowledge of basic concepts and techniques for the development of secure systems and networks;
- knowledge of attack and defence techniques related to program exploitation, system, network and web security;
- skills related to securing real systems and networks, developed through an ethical hacking lab.
It is required basic knowledge of mathematics, programming (good level of C and basic notions of scripting and PHP), computer architectures, operating systems and computer networks.
1. Program exploitation
1.1 Advanced program exploitation e program analysis techniques
1.2 Capture the flag - Tips
1.3 Vulnerable service installation
1.4 CTF on program exploitation

2. SQL injections
2.1 Advanced attack techniques (server side)
2.2 Challenge on SQL injection
2.3 Vulnerable service installation
2.4 CTF on SQL injections

3. Web security
3.1 Client side attack techniques
3.2 Client side attack prevention
3.3 Vulnerable service installation
3.4 CTF on Web security
Referral texts
J. Erickson, Hacking, the art of exploitation, No starch press, 2008.
R. J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley, 2008.
Assessment methods
The exam takes place through a written test, some assignments and a competition of ethical hacking. The written test aims at verifying the knowledge of the different topics of the course. Assignments are not mandatory and consist of a problem (challenge) to solve. Solving assignments give extra score with respect to the the mark of the written test. The ethical hacking competition aims at putting into practice the knowledge acquired and verifying the competence in attacking and securing IT systems and networks.
Teaching methods
Lezioni teoriche in aula e lezioni pratiche in laboratorio;
Risorse audio e video online;
Chat e forum;
Sfide su diversi argomenti che daranno punteggio extra;
Laboratorio di hacking etico.
Teaching language
Further information
This part of the course cannot be taken without having passed the first part
Type of exam
2030 Agenda for Sustainable Development Goals

This subject deals with topics related to the macro-area "Cities, infrastructure and social capital" and contributes to the achievement of one or more goals of U. N. Agenda for Sustainable Development

Definitive programme.
Last update of the programme