Practical Attack and Defence TechniquesLaajuus (3 ECTS)

Objective

After completing the course student:
knows how to perform network reconnaissance
is able to perform various scanning activities
understands methods of hiding illegal activities
has performed the installation and removal of trojan horse / rootkit
understands basic website security issues
has tried out the most common website attack types and is able to implement protections against these threads

Content

network reconnaissance and Google hacking
IP-scanning, port-scanning and system identification
methods of hiding illegal activities
trojan horse / rootkit installation and removal
common website attack methods:
directory travelsar
javascript based exploit
cross site scripting
cross site request forgery
SQL-injection (blind / non-blind)
insecure direct object references
cookie stealing (broken session management)

Qualifications

Introduction to Information Security,
IT Security,
Local Area Networks (CCNA 1)

Assessment criteria, satisfactory (1)

Is able to understand basic network security and is able to perform simple security checks.

Assessment criteria, good (3)

Is able to attack a target system using several different attack vectors and tools. Knows what protective measures will prevent him/her to get unauthorized access.

Assessment criteria, excellent (5)

Has a deep understanding of all phases of the attack process. Can analyze a target system and select suitable attack methods against the specific system. Understands also what protective measures will prevent him/her to get unauthorized access. Understands web-based attack methods and can use them to gain access to private information.

Further information

Laboratory / lectures 28
Exercises 20
Project work 20
Self study 12