Contribution of the course to the overall degree programme goals
This course aims at introducing basic concepts and techniques for the development of secure systems and networks. In the first part of the course, we will cover program exploitation, system, network and web security. In the second part of the course, we will apply the theory in a laboratory of "ethical hacking" in which students will have to attack other teams while defending their own system from other teams' attacks. The first part is preparatory for the second one.
Expected learning outcomes
- knowledge of basic concepts and techniques for the development of secure systems and networks;
- knowledge of attack and defence techniques related to program exploitation, system, network and web security;
- skills related to securing real systems and networks, developed through an ethical hacking lab.
Basic knowledge of mathematics, programming (good level of C and basic notions of scripting and PHP), computer architectures, operating systems and computer networks is required.
1. Program exploitation
1.1 Advanced program exploitation and program analysis techniques
1.2 Capture the flag - Tips
1.3 Vulnerable service installation
1.4 CTF on program exploitation

2. SQL injections
2.1 Advanced attack techniques (server side)
2.2 Challenge on SQL injection
2.3 Vulnerable service installation
2.4 CTF on SQL injections

3. Web security
3.1 Client side attack techniques
3.2 Client side attack prevention
3.3 Vulnerable service installation
3.4 CTF on Web security
Reference texts
J. Erickson, Hacking: The Art of Exploitation, No Starch Press, 2008.
R. J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley, 2008.
Assessment methods
The exam consists of a written test, some assignments and an ethical hacking competition. The written test aims at verifying the knowledge of the different topics of the course. Assignments are not mandatory and consist of a problem (challenge) to solve. Solving assignments gives extra score with respect to the mark of the written test. The ethical hacking competition aims at putting into practice the knowledge acquired and verifying the competence in attacking and securing IT systems and networks.
Teaching methods
Theoretical lectures in the classroom and practical lessons in the laboratory;
Online audio and video resources;
Chat and forum;
Challenges on various topics that award extra points;
Ethical hacking laboratory.
Teaching language
Further information
This part of the course cannot be taken without having passed the first part.
Type of exam
