Takaisin kaikki kurssit

System vulnerabilities

Yksittäinen kurssi

Max amount of FITech students: 20

Persons without a valid study right to a Finnish university have preference to this course.

This course presents cybersecurity from a system security/system vulnerabilities perspective, including basic concepts related to CVE, CWE, CVSS, etc.

The course is heavily hands-on oriented where “learning by doing” is the main concept. For example, Kali Linux and related cybersecurity environments (e.g., Damn Vulnerable Web Application, SQLol, OpenVAS) are introduced in a very practical manner and students are invited to build knowledge and experience atop of that. The students are exposed to hands-on practical situations of setting up vulnerable environments, finding and/or exploiting cybersecurity vulnerabilities (e.g., XSS, SQL injections, other injections), and providing comprehensive reporting on the findings.

This course aims to prepare a strong basic foundation for practical tasks related to cybersecurity, both in research and industrial/company environments.

Course contents

  • CVE, CWE, CVSS
  • Local vulnerabilities
  • Purpose and phases of attacks and network vulnerabilities, layer 1
  • Network vulnerabilities, layer 2 to layer 4
  • Network vulnerabilities, layer 5 to layer 7, and topology mapping scanning fingerprinting
  • Web security, web pentesting, web bug bounties
  • Recap: Web security & recap: scanning mapping fingerprinting
  • SSL/TLS/HTTPS/security 1–3 & Hash attacks
  • Database security 1–2 & host and platform security
  • Host and platform security & vulnerability management and lifecycle
  • Vulnerability management & Top 10 OWASP10 Web Mobile IoT Cloud Database

System security, system vulnerabilities and their mapping. The most common types and methods of attack.

System: purpose of operation, structure, data in the system, life cycle, systems boundaries, snapshots, documentation, testing, external dependencies, risk assessment.

Vulnerabilities: Mapping, guidelines vs. policy, maintenance vulnerabilities, hardware vulnerabilities, software errors, encryption, external vulnerabilities.

Learning outcomes

The student understands the vulnerabilities of a modern information system and is able to analyse the parts of the system and identify potentially vulnerable points.

Course material

  • Course materials/slides (PDFs) on the course platform
  • Pre-recorded videos lectures
  • Recommended reading list (JYKDOK)

Teaching schedule

  • Lectures are fully pre-recorded
  • Periodic online Q&A sessions (to be defined)

Completion methods

Self-study, completion is based solely on the homework points. Homework points are based on: homework hands-on tasks + homework essay (learning diary/essay/practical project/academic paper).

There are both mandatory tasks (5) and corresponding bonus tasks (5). Mandatory and bonus tasks are evaluated separately (0–15 points).

The maximum points per week are thus 15 + 15 points and the total maximum number of points for the course demo tasks is 150. At least 5 mandatory task must be scored non-zero points in order to complete the course.

Each task (mandatory or bonus) is graded on a scale of 0–15 points.

Essay: 0–25 points. The essay must earn at least 5 points to complete the course.

Final grade/completion:

  • 0 – failed: less than 50 points
  • 1 – adequate: 50+ points
  • 2 – satisfactory: 62+ points
  • 3 – good: 75+ points
  • 4 – commendable: 87+ points
  • 5 – excellent: 100+ points

More information in the University of Jyväskylä’s study guide.

You can get a digital badge after completing this course.

Network Vulnerabilities, Web Security, Ssl Tls Https Security, Database Security, turvallisuus, haavoittuvuus, tietoturva

Vastuuopettaja

Jyväskylän yliopisto
Andrei Costin

Lisätietoa kurssista ja suorittamisesta

Jyväskylän yliopisto
Annemari Auvinen

Hakua koskevat kysymykset

FITech-verkostoyliopisto
Fanny Qvickström, Opintoasioiden suunnittelija
Hakuaika alkaa 13.11.2024
Hakuaika alkaa 13.11.2024
Teemat:
5G-teknologia,
Internet-teknologia,
Tietojenkäsittelytiede,
Tietoturva
Kurssikoodi:
ITKST56
Opintopisteet
5 ECTS
Hinta:
0 €
Kurssin taso:
Kurssin ajankohta:
9.1.–16.3.2025
Haun alkamispäivä:
13.11.2024
Viimeinen hakupäivä:
26.12.2024
Vastuuyliopisto:
Jyväskylän yliopisto
Kuka voi hakea:
Aikuisopiskelija,
Tutkinto-opiskelija
Toteuttamistapa:
Verkko-opetus
Opetuskieli:
Englanti
Esitietovaatimukset:
Basic information technology: algorithmic thinking and programming skillset, knowledge and database management, operating systems. Practical experience: ssh, Linux command line, virtualization concepts, VirtualBox/VMware/QEMU, networking and IPv4 experience, information security management, cyber technologies and security.
Kenelle kurssi sopii:
Students interested in cyber security. IT & cyber security professionals who want to deepen their knowledge from a system security perspective
Oletko kiinnostunut tästä kurssista? Tilaa ilmoitus kurssin tietojen muutoksista suoraan sähköpostiisi! Voit peruuttaa tilauksen koska tahansa.