System vulnerabilities
Yksittäinen kurssi
Max amount of FITech students: 20
Persons without a valid study right to a Finnish university have preference to this course.
This course presents cybersecurity from a system security/system vulnerabilities perspective, including basic concepts related to CVE, CWE, CVSS, etc.
The course is heavily hands-on oriented where “learning by doing” is the main concept. For example, Kali Linux and related cybersecurity environments (e.g., Damn Vulnerable Web Application, SQLol, OpenVAS) are introduced in a very practical manner and students are invited to build knowledge and experience atop of that. The students are exposed to hands-on practical situations of setting up vulnerable environments, finding and/or exploiting cybersecurity vulnerabilities (e.g., XSS, SQL injections, other injections), and providing comprehensive reporting on the findings.
This course aims to prepare a strong basic foundation for practical tasks related to cybersecurity, both in research and industrial/company environments.
Course contents
- CVE, CWE, CVSS
- Local vulnerabilities
- Purpose and phases of attacks and network vulnerabilities, layer 1
- Network vulnerabilities, layer 2 to layer 4
- Network vulnerabilities, layer 5 to layer 7, and topology mapping scanning fingerprinting
- Web security, web pentesting, web bug bounties
- Recap: Web security & recap: scanning mapping fingerprinting
- SSL/TLS/HTTPS/security 1–3 & Hash attacks
- Database security 1–2 & host and platform security
- Host and platform security & vulnerability management and lifecycle
- Vulnerability management & Top 10 OWASP10 Web Mobile IoT Cloud Database
System security, system vulnerabilities and their mapping. The most common types and methods of attack.
System: purpose of operation, structure, data in the system, life cycle, systems boundaries, snapshots, documentation, testing, external dependencies, risk assessment.
Vulnerabilities: Mapping, guidelines vs. policy, maintenance vulnerabilities, hardware vulnerabilities, software errors, encryption, external vulnerabilities.
Learning outcomes
The student understands the vulnerabilities of a modern information system and is able to analyse the parts of the system and identify potentially vulnerable points.
Course material
- Course materials/slides (PDFs) on the course platform
- Pre-recorded videos lectures
- Recommended reading list (JYKDOK)
Teaching schedule
- Lectures are fully pre-recorded
- Periodic online Q&A sessions (to be defined)
Completion methods
Self-study, completion is based solely on the homework points. Homework points are based on: homework hands-on tasks + homework essay (learning diary/essay/practical project/academic paper).
There are both mandatory tasks (5) and corresponding bonus tasks (5). Mandatory and bonus tasks are evaluated separately (0–15 points).
The maximum points per week are thus 15 + 15 points and the total maximum number of points for the course demo tasks is 150. At least 5 mandatory task must be scored non-zero points in order to complete the course.
Each task (mandatory or bonus) is graded on a scale of 0–15 points.
Essay: 0–25 points. The essay must earn at least 5 points to complete the course.
Final grade/completion:
- 0 – failed: less than 50 points
- 1 – adequate: 50+ points
- 2 – satisfactory: 62+ points
- 3 – good: 75+ points
- 4 – commendable: 87+ points
- 5 – excellent: 100+ points
More information in the University of Jyväskylä’s study guide.
You can get a digital badge after completing this course.
Network Vulnerabilities, Web Security, Ssl Tls Https Security, Database Security, turvallisuus, haavoittuvuus, tietoturva
Vastuuopettaja
Lisätietoa kurssista ja suorittamisesta
Hakua koskevat kysymykset
Internet-teknologia,
Tietojenkäsittelytiede,
Tietoturva
Tutkinto-opiskelija