Back to all courses

System vulnerabilities

Individual course

Max amount of FITech students: 20

Persons without a valid study right to a Finnish university have preference to this course.

This course presents cybersecurity from a system security/system vulnerabilities perspective, including basic concepts related to CVE, CWE, CVSS, etc.

The course is heavily hands-on oriented where “learning by doing” is the main concept. For example, Kali Linux and related cybersecurity environments (e.g., Damn Vulnerable Web Application, SQLol, OpenVAS) are introduced in a very practical manner and students are invited to build knowledge and experience atop of that. The students are exposed to hands-on practical situations of setting up vulnerable environments, finding and/or exploiting cybersecurity vulnerabilities (e.g., XSS, SQL injections, other injections), and providing comprehensive reporting on the findings.

This course aims to prepare a strong basic foundation for practical tasks related to cybersecurity, both in research and industrial/company environments.

Course contents

  • Local vulnerabilities
  • Purpose and phases of attacks and network vulnerabilities, layer 1
  • Network vulnerabilities, layer 2 to layer 4
  • Network vulnerabilities, layer 5 to layer 7, and topology mapping scanning fingerprinting
  • Web security, web pentesting, web bug bounties
  • Recap: Web security & recap: scanning mapping fingerprinting
  • SSL/TLS/HTTPS/security 1–3 & Hash attacks
  • Database security 1–2 & host and platform security
  • Host and platform security & vulnerability management and lifecycle
  • Vulnerability management & Top 10 OWASP10 Web Mobile IoT Cloud Database

System security, system vulnerabilities and their mapping. The most common types and methods of attack.

System: purpose of operation, structure, data in the system, life cycle, systems boundaries, snapshots, documentation, testing, external dependencies, risk assessment.

Vulnerabilities: Mapping, guidelines vs. policy, maintenance vulnerabilities, hardware vulnerabilities, software errors, encryption, external vulnerabilities.

Learning outcomes

The student understands the vulnerabilities of a modern information system and is able to analyse the parts of the system and identify potentially vulnerable points.

Course material

  • Course materials/slides (PDFs) on the course platform
  • Pre-recorded videos lectures
  • Recommended reading list (JYKDOK)

Teaching schedule

  • Lectures are fully pre-recorded
  • Periodic online Q&A sessions (to be defined)

Completion methods

Self-study, completion is based solely on the homework points. Homework points are based on: homework hands-on tasks + homework essay (learning diary/essay/practical project/academic paper).

There are both mandatory tasks (5) and corresponding bonus tasks (5). Mandatory and bonus tasks are evaluated separately (0–15 points).

The maximum points per week are thus 15 + 15 points and the total maximum number of points for the course demo tasks is 150. At least 5 mandatory task must be scored non-zero points in order to complete the course.

Each task (mandatory or bonus) is graded on a scale of 0–15 points.

Essay: 0–25 points. The essay must earn at least 5 points to complete the course.

Final grade/completion:

  • 0 – failed: less than 50 points
  • 1 – adequate: 50+ points
  • 2 – satisfactory: 62+ points
  • 3 – good: 75+ points
  • 4 – commendable: 87+ points
  • 5 – excellent: 100+ points

More information in the University of Jyväskylä’s study guide.

You can get a digital badge after completing this course.

Network Vulnerabilities, Web Security, Ssl Tls Https Security, Database Security, turvallisuus, haavoittuvuus, tietoturva

Responsible teacher

University of Jyväskylä
Andrei Costin

Further information about the course and studying

University of Jyväskylä
Annemari Auvinen

Contact person for applications

FITech Network University
Fanny Qvickström, Student services specialist
Start here
Start here
5G technology,
Data science,
Information security,
Internet technology
Course code:
Study credits:
0 €
Course level:
Teaching period:
Application start date:
Application deadline:
Host university:
University of Jyväskylä
Who can apply:
Adult learner,
Degree student
Teaching method:
Teaching language:
General prerequisites:
Basic information technology: algorithmic thinking and programming skillset, knowledge and database management, operating systems. Practical experience: ssh, Linux command line, virtualization concepts, VirtualBox/VMware/QEMU, networking and IPv4 experience, information security management, cyber technologies and security.
Course suitable for:
Students interested in cybersecurity. IT/cybersecurity professionals who want to deepen their knowledge from a system security perspective
Interested in this course? Subscribe and get updates about the course directly to your email. You can cancel subscription any time you want.