Practical Attack and Defence TechniquesLaajuus (3 ECTS)

Objective

After completing the course student:
- knows how to perform network reconnaissance
- is able to perform various scanning activities
- understands methods of hiding illegal activities
- has performed installation and removal of trojan horse / rootkit
- understands basic website security issues
- has tried out most common website attack types and is able to implemented protections against these threads

Content

- network reconnaissance and Google hacking
- IP-scanning, port-scanning and system identification
- methods of hiding illegal activities
- trojan horse / rootkit installation and removal
- common website attack methods:
- directory travelsar
- javascript based exploit
- cross site scripting
- cross site request forgery
- SQL-injection (blind / non-blind)
- insecure direct object references
- cookie stealing (broken session management)

Qualifications

Introduction to Information Security,
IT Security,
Local Area Networks (CCNA 1)

Assessment criteria, satisfactory (1)

Understand basic network security and is able to perform simple security checks.

Assessment criteria, good (3)

Is able to attack target system using several different attack vectors and tools. Knows what protective measures will prevent him to get unauthorized access.

Assessment criteria, excellent (5)

Has deep understanding of all phases of attack process. Can analyze target system and select suitable attack methods against the specific system. Understands also what protective measures will prevent him to get unauthorized access. Understands web-based attack methods and can use them to gain access to private information.

Further information

Laboratory / lectures 28 h
Exercises 12 h
Project work 20 h
Self study 20 h
TOTAL 80 h