IT & Mobile Security

Ethical Hacking

Integrated course, 5.00 ECTS

 

Course content

The course covers the topic of Penetration Testing (also known as white hat hacking oder ethical hacking). In the first part typical attack verctors are analyzed and simulated in a laboratory environment. The main focus is placed on the exploitation of programming errors and other typical weaknesses of software products (Buffer overflows, race conditions, logical errors). Students are aware of exploit development methods and exploit mitigation mechanisms of modern operating systems (ASLR, Stack cookies, SafeSEH, DEP,..).
Another focus is to understand typical weaknesses and attack patterns of WEB applications and the mitigation steps to avoid them.
The third part of the course covers the structured analysis of security problems and steps used in a Penetration test. (Analysis, preparation, exploitation, documentation, giving recommendations)

Learning outcomes

The graduate obtains detailed knowledge about common attack methods against IT systems, and derives from them detailed competencies to secures these systems with regard to hacker attacks.

Recommended or required reading and other learning resources / tools

Books:
Hacking The Art of Exploitation, Erickson
Hacking mit Metasploit, Messner
Hacking Exposed Malware & Rootkits, Elisan
Hacking Exposed Industrial Control Systems, Bodungen, Singer
Hacking Exposed WEB Applications, Scambray, Liu
Journals: -

Mode of delivery

2 ECTS lecture, 3 ECTS tutorial

Prerequisites and co-requisites

modules CRY and ISC 1

Assessment methods and criteria

Lecture: final exam, tutorial: continuous assessment