Back to all courses

System vulnerabilities

Individual course

Max amount of FITech students: 100

This course presents cybersecurity from a system security/system vulnerabilities perspective, including basic concepts related to CVE, CWE, CVSS, etc.

The course is heavily hands-on oriented where “learning by doing” is the main concept. For example, Kali Linux and related cybersecurity environments (e.g., Damn Vulnerable Web Application, SQLol, OpenVAS) are introduced in a very practical manner and students are invited to build knowledge and experience atop of that. The students are exposed to hands-on practical situations of setting up vulnerable environments, finding and/or exploiting cybersecurity vulnerabilities (e.g., XSS, SQL injections, other injections), and providing comprehensive reporting on the findings.

This course aims to prepare a strong basic foundation for practical tasks related to cybersecurity, both in research and industrial/company environments.

Course contents

  • CVE, CWE, CVSS
  • Local vulnerabilities
  • Purpose and phases of attacks and network vulnerabilities, layer 1
  • Network vulnerabilities, layer 2 to layer 4
  • Network vulnerabilities, layer 5 to layer 7, and topology mapping scanning fingerprinting
  • WebSecurity, web pentesting, web bug bounties
  • Recap: WebSecurity & recap: scanning mapping fingerprinting
  • SslTlsHttpsSecurity 1–3 & Hash attacks
  • Database security 1–2 & host and platform security
  • Host and platform security & vulnerability management and lifecycle
  • Vulnerability management & Top 10 OWASP10 Web Mobile IoT Cloud Database

System security, system vulnerabilities and their mapping. The most common types and methods of attack.

System: purpose of operation, structure, data in the system, life cycle, systems boundaries, snapshots, documentation, testing, external dependencies, risk assessment.

Vulnerabilities: Mapping, guidelines vs. policy, maintenance vulnerabilities, hardware vulnerabilities, software errors, encryption, external vulnerabilities.

Learning outcomes

The student understands the vulnerabilities of a modern information system and is able to analyse the parts of the system and identify potentially vulnerable points.

Course material

  • Course materials/slides (PDFs)
  • Pre-recorded videos lectures
  • Recommended reading list (JYKDOK)

Teaching schedule

Lectures are fully pre-recorded and the meetings with the teacher are organised during online/Zoom sessions (on Tuesdays at 16–18) for the purpose of guiding the students, answering any practical/logistical/homework/grading questions or helping to solve any homework blockages.

Completion methods

Completion is based solely on the homework points. Homework points are based on: homework hands-on tasks + homework essay (learning diary/essay/practical project/academic paper).

There are both mandatory tasks (5) and corresponding bonus tasks (5). Mandatory and bonus tasks are evaluated separately (0–15 points).

The maximum points per week are thus 15 + 15 points and the total maximum number of points for the course demo tasks is 150.  At least 5 mandatory task must be scored non-zero points in order to complete the course.

Each task (mandatory or bonus) is graded on a scale of 0–15 points.

Essay: 0–25 points. The essay must earn at least 5 points to complete the course.

Final grade/completion:

  • 0 – failed: less than 50 points
  • 1 – adequate: 50+ points
  • 2 – satisfactory: 62+ points
  • 3 – good: 75+ points
  • 4 – commendable: 87+ points
  • 5 – excellent: 100+ points

More information in the University of Jyväskylä study guide.

You can get a digital badge after completing this course.

Network Vulnerabilities, WebSecurity, SslTlsHttpsSecurity, Database Security, turvallisuus, haavoittuvuus, tietoturva

Responsible teacher

University of Jyväskylä
Andrei Costin
andrei.costin(at)jyu.fi

Further information about the course and studying

University of Jyväskylä
Annemari Auvinen
annemari.k.auvinen(at)jyu.fi

Contact person for applications

FITech Network University
Monica Sandberg
monica.sandberg(at)fitech.io
Start here
Start here
Category:
ICT Studies
Topics:
5G technology,
Data science,
Information security
Course code:
ITKST56
Credits:
5 ECTS
Price:
0 €
Level:
Teaching period:
10.1.–13.3.2022
Application deadline:
2.1.2022
Host university:
University of Jyväskylä
Study is open for:
Adult learner,
Degree student
Teaching methods:
Online
Language:
English
General prerequisites:
Basic information technology: algorithmic thinking and programming skillset, knowledge and database management, operating systems. Practical experience: ssh, Linux command line, virtualization concepts, VirtualBox/VMware/QEMU, networking and IPv4 experience, information security management, cyber technologies and security.
Study suitable for:
Students interested in cybersecurity. IT/cybersecurity professionals who want to deepen their knowledge from a system security perspective
Interested in this course? Subscribe and get updates about the course directly to your email. You can cancel subscription any time you want.