Max amount of FITech students: 100
Persons without a valid study right to a Finnish university have preference to this course.
This course presents cybersecurity from a system security/system vulnerabilities perspective, including basic concepts related to CVE, CWE, CVSS, etc.
The course is heavily hands-on oriented where “learning by doing” is the main concept. For example, Kali Linux and related cybersecurity environments (e.g., Damn Vulnerable Web Application, SQLol, OpenVAS) are introduced in a very practical manner and students are invited to build knowledge and experience atop of that. The students are exposed to hands-on practical situations of setting up vulnerable environments, finding and/or exploiting cybersecurity vulnerabilities (e.g., XSS, SQL injections, other injections), and providing comprehensive reporting on the findings.
This course aims to prepare a strong basic foundation for practical tasks related to cybersecurity, both in research and industrial/company environments.
- CVE, CWE, CVSS
- Local vulnerabilities
- Purpose and phases of attacks and network vulnerabilities, layer 1
- Network vulnerabilities, layer 2 to layer 4
- Network vulnerabilities, layer 5 to layer 7, and topology mapping scanning fingerprinting
- Web security, web pentesting, web bug bounties
- Recap: Web security & recap: scanning mapping fingerprinting
- SSL/TLS/HTTPS/security 1–3 & Hash attacks
- Database security 1–2 & host and platform security
- Host and platform security & vulnerability management and lifecycle
- Vulnerability management & Top 10 OWASP10 Web Mobile IoT Cloud Database
System security, system vulnerabilities and their mapping. The most common types and methods of attack.
System: purpose of operation, structure, data in the system, life cycle, systems boundaries, snapshots, documentation, testing, external dependencies, risk assessment.
Vulnerabilities: Mapping, guidelines vs. policy, maintenance vulnerabilities, hardware vulnerabilities, software errors, encryption, external vulnerabilities.
The student understands the vulnerabilities of a modern information system and is able to analyse the parts of the system and identify potentially vulnerable points.
- Course materials/slides (PDFs)
- Pre-recorded videos lectures
- Recommended reading list (JYKDOK)
Lectures are fully pre-recorded and the meetings with the teacher are organised as online/Zoom sessions for the purpose of guiding the students, answering any practical/logistical/homework/grading questions or helping to solve any homework blockages.
- Lecture 9.1.2023 at 10.15–12.00
- Guidance/demo sessions on Tuesdays at 14-16 & on Thursdays at 16-18.
Completion is based solely on the homework points. Homework points are based on: homework hands-on tasks + homework essay (learning diary/essay/practical project/academic paper).
There are both mandatory tasks (5) and corresponding bonus tasks (5). Mandatory and bonus tasks are evaluated separately (0–15 points).
The maximum points per week are thus 15 + 15 points and the total maximum number of points for the course demo tasks is 150. At least 5 mandatory task must be scored non-zero points in order to complete the course.
Each task (mandatory or bonus) is graded on a scale of 0–15 points.
Essay: 0–25 points. The essay must earn at least 5 points to complete the course.
- 0 – failed: less than 50 points
- 1 – adequate: 50+ points
- 2 – satisfactory: 62+ points
- 3 – good: 75+ points
- 4 – commendable: 87+ points
- 5 – excellent: 100+ points
More information in the University of Jyväskylä’s study guide.
You can get a digital badge after completing this course.
Network Vulnerabilities, Web Security, Ssl Tls Https Security, Database Security, turvallisuus, haavoittuvuus, tietoturva
Further information about the course and studying
Contact person for applications