Module Code - Title:

CS4455 - ETHICAL HACKING AND SECURITY 1

Year Last Offered:

2025/6

Hours Per Week:

Lecture: 1
Lab: 8
Tutorial: 1
Other: 0
Private: 10

Credits

12

Grading Type:

N

Prerequisite Modules:

Rationale and Purpose of the Module:

This is Block 8a (12 ECTS) on the 3+1 Integrated BSc/MSc Immersive Software Engineering and runs Year 2 Weeks 10 to 16 (7 Weeks) in the spring semester. This block introduces general principles for creating secure software systems through which students learn to think about security as part of the design process and implementation of software. Students will become familiar with common types of vulnerabilities and how they are exploited by attackers. They will implement and use basic cryptographic algorithms, and will understand how to respond if they detect a vulnerability either within their own software systems, or within those owned by others.

Syllabus:

1. Introduction to web application security and the OWASP top 10 vulnerabilities
2. Introduction to low-level vulnerabilities such as buffer overflows
3. Threats from passive and active attackers and from malware, basic botnet structure, and the use of a Command and Control structure.
4. Principles of robust authentication and authorization, including concepts such as passwords, multi-factor authentication, password hashing and password cracking. Executing and defending against social engineering attacks
5. Introduction to security components such as firewalls and IDS, virus scanner, file integrity checker, OS update management.

Learning Outcomes:

Cognitive (Knowledge, Understanding, Application, Analysis, Evaluation, Synthesis)

On successful completion of this module, students will be able to:
- Probe a web app for common OWASP vulnerabilities
- Probe a vulnerable piece of local software for vulnerabilities such as buffer overflows
- Describe how attackers build, manage, and exploit basic botnets
- Design robust authentication systems
- Execute a password-cracking attack against an insufficiently protected password hash dump
- Describe components and principles of a secure system, such as firewalls, IDS, and secure password management.

Affective (Attitudes and Values)

On successful completion of this module, students will be able to:
- Describe the purpose of security as mitigating risk while continuing to develop new software
- Account for human error, social engineering, and trust in the design of secure systems

Psychomotor (Physical Skills)

On successful completion of this module, students will be able to:

How the Module will be Taught and what will be the Learning Experiences of the Students:

The block is taught using problem-based learning, the flipped classroom concept, and blended learning in a state-of-the-art laboratory setting with an emphasis on collaborative practice and technical excellence. Learning and teaching will be research-led, with a focus on translating theory into practice, innovation and knowledge creation.

Research Findings Incorporated in to the Syllabus (If Relevant):

Prime Texts:

W. Stallings and L. Brown. (2018) Cryptography and Network Security, Principles and Practice, 6th Ed., Prentice Hall
J. Erickson. (2008) The Art of Exploitation, 2nd Ed., No Starch Press
A. Shostack. (2014) Threat Modeling: Designing for Security, Wiley
D. Stuttard and M. Pinto. (2011) The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Ed., Wiley

Other Relevant Texts:

Programme(s) in which this Module is Offered:

Semester(s) Module is Offered:

Spring

Module Leader:

mark.burkley@ul.ie