Module Code - Title:
CS4436 - ETHICAL HACKING AND SECURITY 2
Year Last Offered:
2024/5
Hours Per Week:
Grading Type:
N
Prerequisite Modules:
Rationale and Purpose of the Module:
This is Block 8b (6 ECTS) on the 3+1 Integrated BSc/MSc Immersive Software Engineering and runs Year 2 Weeks 1 to 3 (3 Weeks) in the summer semester.
This block is a continuation of Block 8a Ethical Hacking Part 1. Both Blocks 8a and 8b should be seen as one cohesive unit, but a division was necessary to align with a semester-based academic calendar.
It will teach general principles of creating secure software systems. Students will learn to think about security as part of the design process and implementation of software. Students will become familiar with common types of vulnerabilities and how they are exploited by attackers. They will implement and use basic cryptographic algorithms, and will understand how to respond if they find a vulnerability either within their own software systems, or within those owned by others.
Syllabus:
1. Principles of secure software systems: principle of least-privilege, authorization and authentication methods, public key signing and cryptography, defence-in-depth.
2. Cryptography: basic symmetric key encryption; block ciphers and stream ciphers; basic approach of public key encryption; introduction to key management; application of ciphers.
3. Vulnerability management in practice: red and blue teams, zero-days, responsible disclosure, bug bounties, and supply-chain management.
4. Laws governing computer fraud and abuse, and compliance and certification of software.
Learning Outcomes:
Cognitive (Knowledge, Understanding, Application, Analysis, Evaluation, Synthesis)
On successful completion of this module, students will be able to:
- Write programs that implement common cryptographic algorithms, using both existing libraries and hand-written code
- Produce threat models of simple software and non-software systems
- Describe how vulnerabilities are discovered, mitigated, and patched
- Use laws governing computer fraud and abuse and software compliance in order to inform designs of software systems (for example, PCI-DSS)
Affective (Attitudes and Values)
On successful completion of this module, students will be able to:
Psychomotor (Physical Skills)
On successful completion of this module, students will be able to:
How the Module will be Taught and what will be the Learning Experiences of the Students:
The block is taught using problem-based learning, the flipped classroom concept, and blended learning in a state-of-the-art laboratory setting with an emphasis on collaborative practice and technical excellence. Learning and teaching will be research led with a focus on translating theory into practice, innovation and knowledge creation.
Research Findings Incorporated into the Syllabus (If Relevant):
Prime Texts:
W. Stallings and L. Brown (2018) Cryptography and Network Security: Principles and Practice, 6th Ed., Prentice Hall
J. Erickson (2008) The Art of Exploitation, 2nd Ed., No Starch Press
A. Shostack (2014) Threat Modeling: Designing for Security, Wiley
D. Stuttard and M. Pinto (2011) The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Ed., Wiley
Other Relevant Texts:
Programme(s) in which this Module is Offered:
Semester(s) Module is Offered:
Summer
Module Leader:
mark.burkley@ul.ie