252-0811-00L  Applied Security Laboratory

SemesterHerbstsemester 2022
DozierendeD. Basin
Periodizitätjährlich wiederkehrende Veranstaltung
LehrspracheEnglisch
KommentarNumber of participants limited to 48.



Lehrveranstaltungen

NummerTitelUmfangDozierende
252-0811-00 PApplied Security Laboratory7 Std.
Do10:15-13:00LEE D 101 »
D. Basin

Katalogdaten

KurzbeschreibungHands-on course on applied aspects of information security. Applied
information security, operating system security, OS hardening, computer forensics, web application security, project work, design, implementation, and configuration of security mechanisms, risk analysis, system review.
LernzielThe Applied Security Laboratory addresses four major topics: operating system security (hardening, vulnerability scanning, access control, logging), application security with an emphasis on web applications (web server setup, common web exploits, authentication, session handling, code security), computer forensics, and risk analysis and risk management.
InhaltThis course emphasizes applied aspects of Information Security. The students will study a number of topics in a hands-on fashion and carry out experiments in order to better understand the need for secure implementation and configuration of IT systems and to assess the effectivity and impact of security measures. This part is based on a book and virtual machines that include example applications, questions, and answers.

The students will also complete an independent project: based on a set of functional requirements, they will design and implement a prototypical IT system. In addition, they will conduct a thorough security analysis and devise appropriate security measures for their systems. Finally, they will carry out a technical and conceptual review of another system. All project work will be performed in teams and must be properly documented.
SkriptThe course is based on the book "Applied Information Security - A Hands-on Approach". More information: http://www.infsec.ethz.ch/appliedlabbook
LiteraturRecommended reading includes:
* Pfleeger, Pfleeger: Security in Computing, Third Edition, Prentice Hall, available online from within ETH
* Garfinkel, Schwartz, Spafford: Practical Unix & Internet Security, O'Reilly & Associates.
* Various: OWASP Guide to Building Secure Web Applications, available online
* Huseby: Innocent Code -- A Security Wake-Up Call for Web Programmers, John Wiley & Sons.
* Scambray, Schema: Hacking Exposed Web Applications, McGraw-Hill.
* O'Reilly, Loukides: Unix Power Tools, O'Reilly & Associates.
* Frisch: Essential System Administration, O'Reilly & Associates.
* NIST: Risk Management Guide for Information Technology Systems, available online as PDF
* BSI: IT-Grundschutzhandbuch, available online
Voraussetzungen / Besonderes* The lab allows flexible working since there are only few mandatory meetings during the semester.
* The lab covers a variety of different techniques. Thus, participating students should have a solid foundation in the following areas: information security, operating system administration (especially Unix/Linux), and networking. Students are also expected to have a basic understanding of HTML, PHP, JavaScript, and MySQL because several examples are implemented in these languages.
* Students must be prepared to spend more than three hours per week to complete the lab assignments and the project. This applies particularly to students who do not meet the recommended requirements given above. Successful participants of the course receive 8 credits as compensation for their effort.
* All participants must sign the lab's charter and usage policy during the introduction lecture.

Leistungskontrolle

Information zur Leistungskontrolle (gültig bis die Lerneinheit neu gelesen wird)
Leistungskontrolle als Semesterkurs
ECTS Kreditpunkte8 KP
PrüfendeD. Basin
Formunbenotete Semesterleistung
PrüfungsspracheEnglisch
RepetitionRepetition nur nach erneuter Belegung der Lerneinheit möglich.
Zusatzinformation zum PrüfungsmodusThe deliverables and their contribution towards the semester performance are:
1) an individual lab journal documenting each student’s work with the book (20%) and
2) the project deliverables which are handed in as a group (80%).

Last cancellation/deregistration date for this ungraded semester performance: October 7th! Please note that after that date no deregistration will be accepted and the course will be considered as "fail".

Lernmaterialien

 
HauptlinkCourse web page
Es werden nur die öffentlichen Lernmaterialien aufgeführt.

Gruppen

Keine Informationen zu Gruppen vorhanden.

Einschränkungen

PlätzeMaximal 48
VorrangDie Belegung der Lerneinheit ist nur durch die primäre Zielgruppe möglich
Primäre ZielgruppeCyber Security MSc (260000)
Cyber Security MSc (EPFL) (260100)
Informatik MSc (263000)
Informatik (Mobilität) (274000)
WartelisteBis 02.10.2022
BelegungsendeBelegung nur bis 07.10.2022 möglich

Angeboten in

StudiengangBereichTyp
Cyber Security MasterWahlfächerWInformation
Informatik MasterPraktische ArbeitWInformation