System vulnerabilities

Max amount of FITech students: 20

Persons without a valid study right to a Finnish university have preference to this course.

This course presents cybersecurity from a system security/system vulnerabilities perspective, including basic concepts related to CVE, CWE, CVSS, etc.

The course is heavily hands-on oriented where ”learning by doing” is the main concept. For example, Kali Linux and related cybersecurity environments (e.g., Damn Vulnerable Web Application, SQLol, OpenVAS) are introduced in a very practical manner and students are invited to build knowledge and experience atop of that. The students are exposed to hands-on practical situations of setting up vulnerable environments, finding and/or exploiting cybersecurity vulnerabilities (e.g., XSS, SQL injections, other injections), and providing comprehensive reporting on the findings.

This course aims to prepare a strong basic foundation for practical tasks related to cybersecurity, both in research and industrial/company environments.

Course contents

• CVE, CWE, CVSS
• Local vulnerabilities
• Purpose and phases of attacks and network vulnerabilities, layer 1
• Network vulnerabilities, layer 2 to layer 4
• Network vulnerabilities, layer 5 to layer 7, and topology mapping scanning fingerprinting
• Web security, web pentesting, web bug bounties
• Recap: Web security & recap: scanning mapping fingerprinting
• SSL/TLS/HTTPS/security 1–3 & Hash attacks
• Database security 1–2 & host and platform security
• Host and platform security & vulnerability management and lifecycle
• Vulnerability management & Top 10 OWASP10 Web Mobile IoT Cloud Database

System security, system vulnerabilities and their mapping. The most common types and methods of attack.

System: purpose of operation, structure, data in the system, life cycle, systems boundaries, snapshots, documentation, testing, external dependencies, risk assessment.

Vulnerabilities: Mapping, guidelines vs. policy, maintenance vulnerabilities, hardware vulnerabilities, software errors, encryption, external vulnerabilities.

Learning outcomes

The student understands the vulnerabilities of a modern information system and is able to analyse the parts of the system and identify potentially vulnerable points.

Course material

• Course materials/slides (PDFs) on the course platform
• Pre-recorded videos lectures
• Recommended reading list (JYKDOK)

Teaching schedule

• Lectures are fully pre-recorded
• Periodic online Q&A sessions (to be defined)

Completion methods

Self-study, completion is based solely on the homework points. Homework points are based on: homework hands-on tasks + homework essay (learning diary/essay/practical project/academic paper).

There are both mandatory tasks (5) and corresponding bonus tasks (5). Mandatory and bonus tasks are evaluated separately (0–15 points).

The maximum points per week are thus 15 + 15 points and the total maximum number of points for the course demo tasks is 150. At least 5 mandatory task must be scored non-zero points in order to complete the course.

Each task (mandatory or bonus) is graded on a scale of 0–15 points.

Essay: 0–25 points. The essay must earn at least 5 points to complete the course.

Final grade/completion:

• 0 – failed: less than 50 points
• 1 – adequate: 50+ points
• 2 – satisfactory: 62+ points
• 3 – good: 75+ points
• 4 – commendable: 87+ points
• 5 – excellent: 100+ points

More information in the University of Jyväskylä’s study guide.

You can get a digital badge after completing this course.

Network Vulnerabilities, Web Security, Ssl Tls Https Security, Database Security, turvallisuus, haavoittuvuus, tietoturva