Integrated course, 5.00 ECTS
The course covers the topic of Penetration Testing (also known as white hat hacking oder ethical hacking). In the first part typical attack verctors are analyzed and simulated in a laboratory environment. The main focus is placed on the exploitation of programming errors and other typical weaknesses of software products (Buffer overflows, race conditions, logical errors). Students are aware of exploit development methods and exploit mitigation mechanisms of modern operating systems (ASLR, Stack cookies, SafeSEH, DEP,..).
Another focus is to understand typical weaknesses and attack patterns of WEB applications and the mitigation steps to avoid them.
The third part of the course covers the structured analysis of security problems and steps used in a Penetration test. (Analysis, preparation, exploitation, documentation, giving recommendations)
The graduate obtains detailed knowledge about common attack methods against IT systems, and derives from them detailed competencies to secures these systems with regard to hacker attacks.
Recommended or required reading and other learning resources / tools
Hacking The Art of Exploitation, Erickson
Hacking mit Metasploit, Messner
Hacking Exposed Malware & Rootkits, Elisan
Hacking Exposed Industrial Control Systems, Bodungen, Singer
Hacking Exposed WEB Applications, Scambray, Liu
Mode of delivery
2 ECTS lecture, 3 ECTS tutorial
Prerequisites and co-requisites
modules CRY and ISC 1
Assessment methods and criteria
Lecture: final exam, tutorial: continuous assessment