System vulnerabilities

Individual course

Max amount of FITech students: 30

Persons without a valid study right to a Finnish university have preference to this course.

This course presents cybersecurity from a system security/system vulnerabilities perspective, including basic concepts related to CVE, CWE, CVSS, etc.

The course is heavily hands-on oriented where “learning by doing” is the main concept. For example, Kali Linux and related cybersecurity environments (e.g., Damn Vulnerable Web Application, SQLol, OpenVAS) are introduced in a very practical manner and students are invited to build knowledge and experience atop of that. The students are exposed to hands-on practical situations of setting up vulnerable environments, finding and/or exploiting cybersecurity vulnerabilities (e.g., XSS, SQL injections, other injections), and providing comprehensive reporting on the findings.

This course aims to prepare a strong basic foundation for practical tasks related to cybersecurity, both in research and industrial/company environments.

Course contents

  • CVE, CWE, CVSS
  • Local vulnerabilities
  • Purpose and phases of attacks and network vulnerabilities, layer 1
  • Network vulnerabilities, layer 2 to layer 4
  • Network vulnerabilities, layer 5 to layer 7, and topology mapping scanning fingerprinting
  • Web security, web pentesting, web bug bounties
  • Recap: Web security & recap: scanning mapping fingerprinting
  • SSL/TLS/HTTPS/security 1–3 & Hash attacks
  • Database security 1–2 & host and platform security
  • Host and platform security & vulnerability management and lifecycle
  • Vulnerability management & Top 10 OWASP10 Web Mobile IoT Cloud Database

System security, system vulnerabilities and their mapping. The most common types and methods of attack.

System: purpose of operation, structure, data in the system, life cycle, systems boundaries, snapshots, documentation, testing, external dependencies, risk assessment.

Vulnerabilities: Mapping, guidelines vs. policy, maintenance vulnerabilities, hardware vulnerabilities, software errors, encryption, external vulnerabilities.

Learning outcomes

The student understands the vulnerabilities of a modern information system and is able to analyse the parts of the system and identify potentially vulnerable points.

Course material

  • Course materials/slides (PDFs) on the course platform
  • Pre-recorded videos lectures
  • Recommended reading list (JYKDOK)

Teaching schedule

  • Lectures are fully pre-recorded
  • Periodic online Q&A sessions (to be defined)

Completion methods

Self-study, completion is based solely on the homework points. Homework points are based on: homework hands-on tasks + homework essay (learning diary/essay/practical project/academic paper).

There are both mandatory tasks (5) and corresponding bonus tasks (5). Mandatory and bonus tasks are evaluated separately (0–15 points).

The maximum points per week are thus 15 + 15 points and the total maximum number of points for the course demo tasks is 150. At least 5 mandatory task must be scored non-zero points in order to complete the course.

Each task (mandatory or bonus) is graded on a scale of 0–15 points.

Essay: 0–25 points. The essay must earn at least 5 points to complete the course.

Final grade/completion:

  • 0 – failed: less than 50 points
  • 1 – adequate: 50+ points
  • 2 – satisfactory: 62+ points
  • 3 – good: 75+ points
  • 4 – commendable: 87+ points
  • 5 – excellent: 100+ points

More information in the University of Jyväskylä’s study guide.

You can get a digital badge after completing this course.

Network Vulnerabilities, Web Security, Ssl Tls Https Security, Database Security, turvallisuus, haavoittuvuus, tietoturva

Responsible teacher

University of Jyväskylä
Andrei Costin
andrei.costin(at)jyu.fi

Further information about the course and studying

University of Jyväskylä
Annemari Auvinen
annemari.k.auvinen(at)jyu.fi

Contact person for applications

FITech-verkostoyliopisto
Fanny Qvickström, Opintoasioiden suunnittelija
info(at)fitech.io

Topics:

Course code:

Study credits:

Price:

Course level:

Teaching period:

Application start date:

Application deadline:

Host university:

Who can apply:

Teaching method:

Teaching language:

General prerequisites:

Course suitable for:

Interested in this course? Subscribe and get updates about the course directly to your email. You can cancel subscription any time you want.