Difference between revisions of "MSc: Advanced Security"
R.sirgalina (talk | contribs) |
R.sirgalina (talk | contribs) |
||
Line 1: | Line 1: | ||
+ | |||
= Advanced security = |
= Advanced security = |
||
+ | * '''Course name''': Advanced security |
||
+ | * '''Code discipline''': |
||
+ | * '''Subject area''': |
||
+ | == Short Description == |
||
− | * <span>'''Course name:'''</span> Advanced Security |
||
+ | This course covers the following concepts: Wireless network security; Software security; Web application security; OWASP; Firewall (web application); Assemblers and debuggers for low-level security. |
||
− | * <span>'''Course number:'''</span> |
||
− | |||
− | == Course characteristics == |
||
− | |||
− | === Key concepts of the class === |
||
− | |||
− | * Wireless network security |
||
− | * Software security |
||
− | * Web application security |
||
− | * OWASP |
||
− | * Firewall (web application) |
||
− | * Assemblers and debuggers for low-level security |
||
− | |||
− | === What is the purpose of this course? === |
||
− | |||
− | In this course, server-based and application-based web attacks are taught. We begin by exploring advanced techniques and attacks to which all modern-day complex applications may be vulnerable to. We will learn about new web frameworks and web back-ends, then explore encryption as it relates to web applications, digging deep into practical cryptography used by the web, including techniques to identify the type of encryption in use within the application and methods for exploiting or abusing it. In this course, we will also focus on wireless security such as Bluetooth and WiFi and will dive deeper into the security mechanisms used in the modern-day technologies. Furthermore, we will look into assembly language, assemblers and debuggers that will help us to assess and protect networks and applications. Other important topics in advanced security include Web Application Firewall (WAF) and web vulnerability scanners. Software security is another exciting topic that will be covered in detail in AS. It is worth mentioning that AS is a defensive course where the emphasis will be put on the defensive mechanisms. |
||
== Prerequisites == |
== Prerequisites == |
||
+ | === Prerequisite subjects === |
||
* The course has been designed to be self-included as much as possible. The successful completion will depend on prerequisite courses such as |
* The course has been designed to be self-included as much as possible. The successful completion will depend on prerequisite courses such as |
||
* Security of Systems and Networks |
* Security of Systems and Networks |
||
* Essential skills |
* Essential skills |
||
+ | === Prerequisite topics === |
||
− | == Course Objectives Based on Bloom’s Taxonomy == |
||
− | === What should a student remember at the end of the course? === |
||
+ | == Course Topics == |
||
− | By the end of the course, the students should be able to recognize and define |
||
+ | {| class="wikitable" |
||
+ | |+ Course Sections and Topics |
||
+ | |- |
||
+ | ! Section !! Topics within the section |
||
+ | |- |
||
+ | | Bluetooth security || |
||
+ | # Bluetooth standard |
||
+ | # Bluetooth applications |
||
+ | # Bluetooth security |
||
+ | |- |
||
+ | | Wireless and Wifi security || |
||
+ | # Eavesdropping |
||
+ | # DoS |
||
+ | # WEP / WPA / RSN |
||
+ | # RADIUS, EduRoam, and other current security standards in WiFi |
||
+ | |- |
||
+ | | Web (application) security, Web vulnerability scanners, and Web Application Firewall (WAF) || |
||
+ | # Security related to web technologies. |
||
+ | # Same Origin Policy. |
||
+ | # Web Attacker Model |
||
+ | # Web vulnerability scanners |
||
+ | # Web Application Firewall |
||
+ | |- |
||
+ | | Network security || |
||
+ | # Network security policies and practices |
||
+ | # Nmap |
||
+ | # VPN |
||
+ | # IPsec |
||
+ | |} |
||
+ | == Intended Learning Outcomes (ILOs) == |
||
+ | |||
+ | === What is the main purpose of this course? === |
||
+ | In this course, server-based and application-based web attacks are taught. We begin by exploring advanced techniques and attacks to which all modern-day complex applications may be vulnerable to. We will learn about new web frameworks and web back-ends, then explore encryption as it relates to web applications, digging deep into practical cryptography used by the web, including techniques to identify the type of encryption in use within the application and methods for exploiting or abusing it. In this course, we will also focus on wireless security such as Bluetooth and WiFi and will dive deeper into the security mechanisms used in the modern-day technologies. Furthermore, we will look into assembly language, assemblers and debuggers that will help us to assess and protect networks and applications. Other important topics in advanced security include Web Application Firewall (WAF) and web vulnerability scanners. Software security is another exciting topic that will be covered in detail in AS. It is worth mentioning that AS is a defensive course where the emphasis will be put on the defensive mechanisms. |
||
+ | |||
+ | === ILOs defined at three levels === |
||
+ | ==== Level 1: What concepts should a student know/remember/explain? ==== |
||
+ | By the end of the course, the students should be able to ... |
||
* RF and Bluetooth security |
* RF and Bluetooth security |
||
* Database security/Wifi security |
* Database security/Wifi security |
||
Line 40: | Line 66: | ||
* Assembly language programming, assemblers, and low-level program analysis |
* Assembly language programming, assemblers, and low-level program analysis |
||
− | === What should a student be able to |
+ | ==== Level 2: What basic practical skills should a student be able to perform? ==== |
+ | By the end of the course, the students should be able to ... |
||
− | |||
− | By the end of the course, the students should be able to describe and explain (with examples) |
||
− | |||
* Web vulnerabilities |
* Web vulnerabilities |
||
* WPA and WEP definition and differences |
* WPA and WEP definition and differences |
||
Line 51: | Line 75: | ||
* Software security |
* Software security |
||
− | === What should a student be able to apply |
+ | ==== Level 3: What complex comprehensive skills should a student be able to apply in real-life scenarios? ==== |
+ | By the end of the course, the students should be able to ... |
||
− | |||
− | By the end of the course, the students should be able to apply |
||
− | |||
* Track application security against known standard OWASP and SANS categories |
* Track application security against known standard OWASP and SANS categories |
||
* To perform Bluetooth sniffer test. |
* To perform Bluetooth sniffer test. |
||
* WPA implementation |
* WPA implementation |
||
− | * Testing security features within applications |
+ | * Testing security features within applications |
+ | == Grading == |
||
− | === Course |
+ | === Course grading range === |
+ | {| class="wikitable" |
||
− | |||
− | + | |+ |
|
+ | |- |
||
− | |+ Course grade breakdown |
||
+ | ! Grade !! Range !! Description of performance |
||
− | ! |
||
− | ! |
||
− | !align="center"| '''Proposed points''' |
||
|- |
|- |
||
+ | | A. Excellent || 90-100 || - |
||
− | | Labs/seminar classes |
||
− | | 20 |
||
− | |align="center"| 50 |
||
|- |
|- |
||
+ | | B. Good || 75-89 || - |
||
− | | Interim performance assessment |
||
− | | 30 |
||
− | |align="center"| 0 |
||
|- |
|- |
||
+ | | C. Satisfactory || 60-74 || - |
||
− | | Exams |
||
− | | |
+ | |- |
+ | | D. Poor || 0-59 || - |
||
− | |align="center"| 50 |
||
|} |
|} |
||
+ | === Course activities and grading breakdown === |
||
− | If necessary, please indicate freely your course’s features in terms of students’ performance assessment: None |
||
+ | {| class="wikitable" |
||
− | |||
+ | |+ |
||
− | === Grades range === |
||
− | |||
− | {| |
||
− | |+ Course grading range |
||
− | ! |
||
− | ! |
||
− | !align="center"| '''Proposed range''' |
||
|- |
|- |
||
+ | ! Activity Type !! Percentage of the overall course grade |
||
− | | A. Excellent |
||
− | | 90-100 |
||
− | |align="center"| |
||
|- |
|- |
||
+ | | Labs/seminar classes || 50 |
||
− | | B. Good |
||
− | | 75-89 |
||
− | |align="center"| |
||
|- |
|- |
||
+ | | Interim performance assessment || 0 |
||
− | | C. Satisfactory |
||
− | | 60-74 |
||
− | |align="center"| |
||
|- |
|- |
||
− | | |
+ | | Exams || 50 |
− | | 0-59 |
||
− | |align="center"| |
||
|} |
|} |
||
+ | === Recommendations for students on how to succeed in the course === |
||
− | If necessary, please indicate freely your course’s grading features: The semester starts with the default range as proposed in the Table [[#tab:MLCourseGradingRange|[tab:MLCourseGradingRange]]], but it may change slightly (usually reduced) depending on how the semester progresses. |
||
+ | |||
− | + | == Resources, literature and reference materials == |
|
+ | === Open access resources === |
||
− | * Michael Sikorksi and Andrew Honig, ''<span>Practical Malware Analysis by, 1nd Edition, Kindle Edition</span>'' |
||
+ | * Michael Sikorksi and Andrew Honig, Practical Malware Analysis by, 1nd Edition, Kindle Edition |
||
* Online resources provided either in slides or on moodle |
* Online resources provided either in slides or on moodle |
||
− | == |
+ | === Closed access resources === |
− | The main sections of the course and approximate hour distribution between them is as follows: |
||
+ | === Software and tools used within the course === |
||
− | {| |
||
+ | |||
− | |+ Course Sections |
||
+ | = Teaching Methodology: Methods, techniques, & activities = |
||
− | !align="center"| '''Section''' |
||
+ | |||
− | ! '''Section Title''' |
||
− | + | == Activities and Teaching Methods == |
|
+ | {| class="wikitable" |
||
+ | |+ Activities within each section |
||
|- |
|- |
||
+ | ! Learning Activities !! Section 1 !! Section 2 !! Section 3 !! Section 4 |
||
− | |align="center"| 1 |
||
− | | Bluetooth and hardware security |
||
− | |align="center"| 8 |
||
|- |
|- |
||
+ | | Development of individual parts of software product code || 1 || 1 || 1 || 1 |
||
− | |align="center"| 2 |
||
− | | Wireless and Wifi security |
||
− | |align="center"| 12 |
||
|- |
|- |
||
+ | | Homework and group projects || 1 || 1 || 1 || 1 |
||
− | |align="center"| 3 |
||
− | | Web application, vulnerability, firewalls, and software security |
||
− | |align="center"| 16 |
||
|- |
|- |
||
+ | | Midterm evaluation || 1 || 1 || 1 || 1 |
||
− | |align="center"| 4 |
||
+ | |- |
||
− | | Network security |
||
+ | | Testing (written or computer based) || 1 || 1 || 1 || 1 |
||
− | |align="center"| 8 |
||
− | | |
+ | |- |
+ | | Discussions || 1 || 1 || 1 || 1 |
||
+ | |} |
||
+ | == Formative Assessment and Course Activities == |
||
− | === |
+ | === Ongoing performance assessment === |
− | |||
− | === Section title: === |
||
− | |||
− | Bluetooth security |
||
− | |||
− | === Topics covered in this section: === |
||
− | |||
− | * Bluetooth standard |
||
− | * Bluetooth applications |
||
− | * Bluetooth security |
||
− | |||
− | === What forms of evaluation were used to test students’ performance in this section? === |
||
− | |||
− | <div class="tabular"> |
||
− | |||
− | <span>|a|c|</span> & '''Yes/No'''<br /> |
||
− | Development of individual parts of software product code & 1<br /> |
||
− | Homework and group projects & 1<br /> |
||
− | Midterm evaluation & 1<br /> |
||
− | Testing (written or computer based) & 1<br /> |
||
− | Reports & 0<br /> |
||
− | Essays & 0<br /> |
||
− | Oral polls & 0<br /> |
||
− | Discussions & 1<br /> |
||
− | |||
− | |||
− | |||
− | </div> |
||
− | === Typical questions for ongoing performance evaluation within this section === |
||
− | |||
− | # Explain an ad hoc networking |
||
− | # Explain frequency hoping |
||
− | # Establishing Piconets example |
||
− | # What is sniff mode? |
||
− | |||
− | === Typical questions for seminar classes (labs) within this section === |
||
− | |||
− | # What are possible security flaws for common applications of the bluetooth technology? |
||
− | # What approaches are used to increase radio channel security and throughput? |
||
− | # How radio waves are propagated through environment? |
||
− | |||
− | === Test questions for final assessment in this section === |
||
+ | ==== Section 1 ==== |
||
+ | {| class="wikitable" |
||
+ | |+ |
||
+ | |- |
||
+ | ! Activity Type !! Content !! Is Graded? |
||
+ | |- |
||
+ | | Question || Explain an ad hoc networking || 1 |
||
+ | |- |
||
+ | | Question || Explain frequency hoping || 1 |
||
+ | |- |
||
+ | | Question || Establishing Piconets example || 1 |
||
+ | |- |
||
+ | | Question || What is sniff mode? || 1 |
||
+ | |- |
||
+ | | Question || What are possible security flaws for common applications of the bluetooth technology? || 0 |
||
+ | |- |
||
+ | | Question || What approaches are used to increase radio channel security and throughput? || 0 |
||
+ | |- |
||
+ | | Question || How radio waves are propagated through environment? || 0 |
||
+ | |} |
||
+ | ==== Section 2 ==== |
||
+ | {| class="wikitable" |
||
+ | |+ |
||
+ | |- |
||
+ | ! Activity Type !! Content !! Is Graded? |
||
+ | |- |
||
+ | | Question || Define WEP issues! || 1 |
||
+ | |- |
||
+ | | Question || Describe active attack. || 1 |
||
+ | |- |
||
+ | | Question || TKIP? || 1 |
||
+ | |- |
||
+ | | Question || AES-CCMP? || 1 |
||
+ | |- |
||
+ | | Question || RADIUS and other authentication issues in WiFi || 1 |
||
+ | |- |
||
+ | | Question || Handoff-iapp (802.11f) || 0 |
||
+ | |- |
||
+ | | Question || Pre-auth (802.11i) || 0 |
||
+ | |- |
||
+ | | Question || EduRoam || 0 |
||
+ | |} |
||
+ | ==== Section 3 ==== |
||
+ | {| class="wikitable" |
||
+ | |+ |
||
+ | |- |
||
+ | ! Activity Type !! Content !! Is Graded? |
||
+ | |- |
||
+ | | Question || What is Same Origin Policy? || 1 |
||
+ | |- |
||
+ | | Question || To which attack does SOP mitigate? || 1 |
||
+ | |- |
||
+ | | Question || How the Document object model could be used for an attacker to manipulate the web browser data? || 1 |
||
+ | |- |
||
+ | | Question || Vulnerability analysis and exploitation for a given web application. || 0 |
||
+ | |- |
||
+ | | Question || What are the important aspects of web vulnerability scanners? || 0 |
||
+ | |- |
||
+ | | Question || Write and deploy a WAF rules to mitigate a specific web attack. || 0 |
||
+ | |} |
||
+ | ==== Section 4 ==== |
||
+ | {| class="wikitable" |
||
+ | |+ |
||
+ | |- |
||
+ | ! Activity Type !! Content !! Is Graded? |
||
+ | |- |
||
+ | | Question || How VPN improves network security and in which scenarios?? || 1 |
||
+ | |- |
||
+ | | Question || What are the pros and cons of IPsec? And are there any alternatives to IPSes? || 1 |
||
+ | |- |
||
+ | | Question || How Nmap is used in penetration testing and what are the ethical concerns? || 1 |
||
+ | |- |
||
+ | | Question || Exploit the difference between VPN and sock5. || 0 |
||
+ | |- |
||
+ | | Question || Exploit IPsec effects on the performance of a networking device. || 0 |
||
+ | |- |
||
+ | | Question || Why does nmap produce false-positive when scanning a windows host? || 0 |
||
+ | |- |
||
+ | | Question || Can you improve nmap scanning technique? Elaborate! || 0 |
||
+ | |} |
||
+ | === Final assessment === |
||
+ | '''Section 1''' |
||
# How radio waves are propagated through environment? |
# How radio waves are propagated through environment? |
||
# What is park mode? |
# What is park mode? |
||
# How Service Discovery Protocol works? |
# How Service Discovery Protocol works? |
||
+ | '''Section 2''' |
||
− | |||
− | === Section 2 === |
||
− | |||
− | === Section title: === |
||
− | |||
− | Wireless and Wifi security |
||
− | |||
− | === Topics covered in this section: === |
||
− | |||
− | * Eavesdropping |
||
− | * DoS |
||
− | * WEP / WPA / RSN |
||
− | * RADIUS, EduRoam, and other current security standards in WiFi |
||
− | |||
− | === What forms of evaluation were used to test students’ performance in this section? === |
||
− | |||
− | <div class="tabular"> |
||
− | |||
− | <span>|a|c|</span> & '''Yes/No'''<br /> |
||
− | Development of individual parts of software product code & 1<br /> |
||
− | Homework and group projects & 1<br /> |
||
− | Midterm evaluation & 1<br /> |
||
− | Testing (written or computer based) & 1<br /> |
||
− | Reports & 0<br /> |
||
− | Essays & 0<br /> |
||
− | Oral polls & 0<br /> |
||
− | Discussions & 1<br /> |
||
− | |||
− | |||
− | |||
− | </div> |
||
− | === Typical questions for ongoing performance evaluation within this section === |
||
− | |||
− | # Define WEP issues! |
||
− | # Describe active attack. |
||
− | # TKIP? |
||
− | # AES-CCMP? |
||
− | # RADIUS and other authentication issues in WiFi |
||
− | |||
− | === Typical questions for seminar classes (labs) within this section === |
||
− | |||
− | # Handoff-iapp (802.11f) |
||
− | # Pre-auth (802.11i) |
||
− | # EduRoam |
||
− | |||
− | === Test questions for final assessment in this section === |
||
− | |||
# EduRoam? |
# EduRoam? |
||
# Explain TLS handshake. |
# Explain TLS handshake. |
||
# Differences between WEP and WPA? |
# Differences between WEP and WPA? |
||
+ | '''Section 3''' |
||
− | |||
− | === Section 3 === |
||
− | |||
− | === Section title: === |
||
− | |||
− | Web (application) security, Web vulnerability scanners, and Web Application Firewall (WAF) |
||
− | |||
− | === Topics covered in this section: === |
||
− | |||
− | * Security related to web technologies. |
||
− | * Same Origin Policy. |
||
− | * Web Attacker Model |
||
− | * Web vulnerability scanners |
||
− | * Web Application Firewall |
||
− | |||
− | === What forms of evaluation were used to test students’ performance in this section? === |
||
− | |||
− | <div class="tabular"> |
||
− | |||
− | <span>|a|c|</span> & '''Yes/No'''<br /> |
||
− | Development of individual parts of software product code & 1<br /> |
||
− | Homework and group projects & 1<br /> |
||
− | Midterm evaluation & 1<br /> |
||
− | Testing (written or computer based) & 1<br /> |
||
− | Reports & 0<br /> |
||
− | Essays & 0<br /> |
||
− | Oral polls & 0<br /> |
||
− | Discussions & 1<br /> |
||
− | |||
− | |||
− | |||
− | </div> |
||
− | === Typical questions for ongoing performance evaluation within this section === |
||
− | |||
− | # What is Same Origin Policy? |
||
− | # To which attack does SOP mitigate? |
||
− | # How the Document object model could be used for an attacker to manipulate the web browser data? |
||
− | |||
− | === Typical questions for seminar classes (labs) within this section === |
||
− | |||
− | # Vulnerability analysis and exploitation for a given web application. |
||
− | # What are the important aspects of web vulnerability scanners? |
||
− | # Write and deploy a WAF rules to mitigate a specific web attack. |
||
− | |||
− | === Test questions for final assessment in this section === |
||
− | |||
# Vulnerability analysis and exploitation for a given web application, explain. |
# Vulnerability analysis and exploitation for a given web application, explain. |
||
# How the Document object model could be used for an attacker to manipulate the web browser data? |
# How the Document object model could be used for an attacker to manipulate the web browser data? |
||
+ | '''Section 4''' |
||
+ | # What are the difference between VPN and sock5 |
||
+ | # Does IPsec effects the performance of a networking device? |
||
+ | # What does nmap produce when scanning a windows host? |
||
+ | # Can you improve the scanning technique? |
||
− | === |
+ | === The retake exam === |
+ | '''Section 1''' |
||
− | + | '''Section 2''' |
|
+ | '''Section 3''' |
||
− | Network security |
||
+ | '''Section 4''' |
||
− | === Topics covered in this section: === |
||
− | |||
− | * Network security policies and practices |
||
− | * Nmap |
||
− | * VPN |
||
− | * IPsec |
||
− | |||
− | === What forms of evaluation were used to test students’ performance in this section? === |
||
− | |||
− | <div class="tabular"> |
||
− | |||
− | <span>|a|c|</span> & '''Yes/No'''<br /> |
||
− | Development of individual parts of software product code & 1<br /> |
||
− | Homework and group projects & 1<br /> |
||
− | Midterm evaluation & 1<br /> |
||
− | Testing (written or computer based) & 1<br /> |
||
− | Reports & 0<br /> |
||
− | Essays & 0<br /> |
||
− | Oral polls & 0<br /> |
||
− | Discussions & 1<br /> |
||
− | |||
− | |||
− | |||
− | </div> |
||
− | === Typical questions for ongoing performance evaluation within this section === |
||
− | |||
− | # How VPN improves network security and in which scenarios?? |
||
− | # What are the pros and cons of IPsec? And are there any alternatives to IPSes? |
||
− | # How Nmap is used in penetration testing and what are the ethical concerns? |
||
− | |||
− | === Typical questions for seminar classes (labs) within this section === |
||
− | |||
− | # Exploit the difference between VPN and sock5. |
||
− | # Exploit IPsec effects on the performance of a networking device. |
||
− | # Why does nmap produce false-positive when scanning a windows host? |
||
− | # Can you improve nmap scanning technique? Elaborate! |
||
− | |||
− | === Test questions for final assessment in this section === |
||
− | |||
− | # What are the difference between VPN and sock5 |
||
− | # Does IPsec effects the performance of a networking device? |
||
− | # What does nmap produce when scanning a windows host? |
||
− | # Can you improve the scanning technique? |
Latest revision as of 11:56, 29 August 2022
Advanced security
- Course name: Advanced security
- Code discipline:
- Subject area:
Short Description
This course covers the following concepts: Wireless network security; Software security; Web application security; OWASP; Firewall (web application); Assemblers and debuggers for low-level security.
Prerequisites
Prerequisite subjects
- The course has been designed to be self-included as much as possible. The successful completion will depend on prerequisite courses such as
- Security of Systems and Networks
- Essential skills
Prerequisite topics
Course Topics
Section | Topics within the section |
---|---|
Bluetooth security |
|
Wireless and Wifi security |
|
Web (application) security, Web vulnerability scanners, and Web Application Firewall (WAF) |
|
Network security |
|
Intended Learning Outcomes (ILOs)
What is the main purpose of this course?
In this course, server-based and application-based web attacks are taught. We begin by exploring advanced techniques and attacks to which all modern-day complex applications may be vulnerable to. We will learn about new web frameworks and web back-ends, then explore encryption as it relates to web applications, digging deep into practical cryptography used by the web, including techniques to identify the type of encryption in use within the application and methods for exploiting or abusing it. In this course, we will also focus on wireless security such as Bluetooth and WiFi and will dive deeper into the security mechanisms used in the modern-day technologies. Furthermore, we will look into assembly language, assemblers and debuggers that will help us to assess and protect networks and applications. Other important topics in advanced security include Web Application Firewall (WAF) and web vulnerability scanners. Software security is another exciting topic that will be covered in detail in AS. It is worth mentioning that AS is a defensive course where the emphasis will be put on the defensive mechanisms.
ILOs defined at three levels
Level 1: What concepts should a student know/remember/explain?
By the end of the course, the students should be able to ...
- RF and Bluetooth security
- Database security/Wifi security
- Web vulnerabilities
- API security
- Software security
- Network security
- Web application security
- Assembly language programming, assemblers, and low-level program analysis
Level 2: What basic practical skills should a student be able to perform?
By the end of the course, the students should be able to ...
- Web vulnerabilities
- WPA and WEP definition and differences
- Web application firewall
- Use of OWASP
- Understanding of RF and Bluetooth security
- Software security
Level 3: What complex comprehensive skills should a student be able to apply in real-life scenarios?
By the end of the course, the students should be able to ...
- Track application security against known standard OWASP and SANS categories
- To perform Bluetooth sniffer test.
- WPA implementation
- Testing security features within applications
Grading
Course grading range
Grade | Range | Description of performance |
---|---|---|
A. Excellent | 90-100 | - |
B. Good | 75-89 | - |
C. Satisfactory | 60-74 | - |
D. Poor | 0-59 | - |
Course activities and grading breakdown
Activity Type | Percentage of the overall course grade |
---|---|
Labs/seminar classes | 50 |
Interim performance assessment | 0 |
Exams | 50 |
Recommendations for students on how to succeed in the course
Resources, literature and reference materials
Open access resources
- Michael Sikorksi and Andrew Honig, Practical Malware Analysis by, 1nd Edition, Kindle Edition
- Online resources provided either in slides or on moodle
Closed access resources
Software and tools used within the course
Teaching Methodology: Methods, techniques, & activities
Activities and Teaching Methods
Learning Activities | Section 1 | Section 2 | Section 3 | Section 4 |
---|---|---|---|---|
Development of individual parts of software product code | 1 | 1 | 1 | 1 |
Homework and group projects | 1 | 1 | 1 | 1 |
Midterm evaluation | 1 | 1 | 1 | 1 |
Testing (written or computer based) | 1 | 1 | 1 | 1 |
Discussions | 1 | 1 | 1 | 1 |
Formative Assessment and Course Activities
Ongoing performance assessment
Section 1
Activity Type | Content | Is Graded? |
---|---|---|
Question | Explain an ad hoc networking | 1 |
Question | Explain frequency hoping | 1 |
Question | Establishing Piconets example | 1 |
Question | What is sniff mode? | 1 |
Question | What are possible security flaws for common applications of the bluetooth technology? | 0 |
Question | What approaches are used to increase radio channel security and throughput? | 0 |
Question | How radio waves are propagated through environment? | 0 |
Section 2
Activity Type | Content | Is Graded? |
---|---|---|
Question | Define WEP issues! | 1 |
Question | Describe active attack. | 1 |
Question | TKIP? | 1 |
Question | AES-CCMP? | 1 |
Question | RADIUS and other authentication issues in WiFi | 1 |
Question | Handoff-iapp (802.11f) | 0 |
Question | Pre-auth (802.11i) | 0 |
Question | EduRoam | 0 |
Section 3
Activity Type | Content | Is Graded? |
---|---|---|
Question | What is Same Origin Policy? | 1 |
Question | To which attack does SOP mitigate? | 1 |
Question | How the Document object model could be used for an attacker to manipulate the web browser data? | 1 |
Question | Vulnerability analysis and exploitation for a given web application. | 0 |
Question | What are the important aspects of web vulnerability scanners? | 0 |
Question | Write and deploy a WAF rules to mitigate a specific web attack. | 0 |
Section 4
Activity Type | Content | Is Graded? |
---|---|---|
Question | How VPN improves network security and in which scenarios?? | 1 |
Question | What are the pros and cons of IPsec? And are there any alternatives to IPSes? | 1 |
Question | How Nmap is used in penetration testing and what are the ethical concerns? | 1 |
Question | Exploit the difference between VPN and sock5. | 0 |
Question | Exploit IPsec effects on the performance of a networking device. | 0 |
Question | Why does nmap produce false-positive when scanning a windows host? | 0 |
Question | Can you improve nmap scanning technique? Elaborate! | 0 |
Final assessment
Section 1
- How radio waves are propagated through environment?
- What is park mode?
- How Service Discovery Protocol works?
Section 2
- EduRoam?
- Explain TLS handshake.
- Differences between WEP and WPA?
Section 3
- Vulnerability analysis and exploitation for a given web application, explain.
- How the Document object model could be used for an attacker to manipulate the web browser data?
Section 4
- What are the difference between VPN and sock5
- Does IPsec effects the performance of a networking device?
- What does nmap produce when scanning a windows host?
- Can you improve the scanning technique?
The retake exam
Section 1
Section 2
Section 3
Section 4