Lectures
1. Basic concepts and principles of security (security vs usability, security functions and mechanisms, attack types, threats, vulnerabilities, risks, backup mechanisms, ...).
2. OS Security (ACL, AAA).
3. Hardware level security, kernel-space and user-space (SandBox, SE Linux, virtualized environment).
4. Detection, prevention and mitigation of the effects of individual attacks on the service (load balancers, proxy, honeypot).
5. Implementation of block and stream ciphers in network protocols (implementation of a secure channel, data encapsulation of serializable objects).
6. Security of Internet application protocols (MITM, RPC, SOAP, CORBA, MySQL, replay attack)
7. Development of safe applications (general principles, the most common vulnerabilities, database security, security of web applications).
8. Security of mobile devices (data transfer and storage, security features of mobile OS, application distribution and signatures)
9. Hardware security features (cards, chips, reverse engineering)
10. Malware (viruses, spyware, infection, detection of malware, social engineering)
11. Creating secure code (static code analysis, obfuscation, buffer overflow, boundary conditions)
Computer labs
Labs follow the issues discussed in the lectures. Their main aim is the practical demonstration and evaluation of individual topics as well as the analysis, administration, configuration and testing of security mechanisms.
1. OS security, demonstration of SE Linux configuration.
2. Virtualization of OS + snapshots for vulnerability testing.
3. In-depth protocol analysis with packet analyzer (social networks, ...).
4. Honeypot, log analysis and forensic analysis of recorded attack.
5. Configuration of AAA infrastructure.
6. Usage of modern computation technologies for implementation of attacks against wireless networks.
7. Application of block ciphers in network protocols
8. Attacks on application layer protocols
9. Demonstration of known vulnerabilities: XSS, SQL injection, buffer overflow, ...
10. Reverse engineering, code protection - obfuscation
1. Basic concepts and principles of security (security vs usability, security functions and mechanisms, attack types, threats, vulnerabilities, risks, backup mechanisms, ...).
2. OS Security (ACL, AAA).
3. Hardware level security, kernel-space and user-space (SandBox, SE Linux, virtualized environment).
4. Detection, prevention and mitigation of the effects of individual attacks on the service (load balancers, proxy, honeypot).
5. Implementation of block and stream ciphers in network protocols (implementation of a secure channel, data encapsulation of serializable objects).
6. Security of Internet application protocols (MITM, RPC, SOAP, CORBA, MySQL, replay attack)
7. Development of safe applications (general principles, the most common vulnerabilities, database security, security of web applications).
8. Security of mobile devices (data transfer and storage, security features of mobile OS, application distribution and signatures)
9. Hardware security features (cards, chips, reverse engineering)
10. Malware (viruses, spyware, infection, detection of malware, social engineering)
11. Creating secure code (static code analysis, obfuscation, buffer overflow, boundary conditions)
Computer labs
Labs follow the issues discussed in the lectures. Their main aim is the practical demonstration and evaluation of individual topics as well as the analysis, administration, configuration and testing of security mechanisms.
1. OS security, demonstration of SE Linux configuration.
2. Virtualization of OS + snapshots for vulnerability testing.
3. In-depth protocol analysis with packet analyzer (social networks, ...).
4. Honeypot, log analysis and forensic analysis of recorded attack.
5. Configuration of AAA infrastructure.
6. Usage of modern computation technologies for implementation of attacks against wireless networks.
7. Application of block ciphers in network protocols
8. Attacks on application layer protocols
9. Demonstration of known vulnerabilities: XSS, SQL injection, buffer overflow, ...
10. Reverse engineering, code protection - obfuscation