COINS IT Security Exercise
Study plans 2016-2017 - IMT6007 - 5 ECTS
Prerequisite(s)
None
On the basis of
None
Expected learning outcomes
After having completed the course, students are expected to have mastered the following learning outcomes:
Knowledge
- State of the art in discovery and exploitation of IT system vulnerabilities
- Capability and limits of validation of training methods
Skills
- Source code inspection under time pressure
- Ability to find and exploit vulnerabilities in software and systems
- Development of novel attack methods and tools
- Assessment, selection and application of automated vulnerability discovery and removal approaches
- Ability to determine limits, assess relevance and impact of group security exercises for the improvement of secure software development
General competence
- Ability to collaborate and communicate in a team of skilled researchers with diverse backgrounds
Topic(s)
- Vulnerabilities in software
- Methods of manual and automated software inspection
- Participation in an IT security exercise
- Hosting a public IT security exercise
- Secure software development
- Validation of training approaches; motivation, relevance and impact
Teaching Methods
Other
Teaching Methods (additional text)
- Active participation in an IT security exercise, producing write-ups for found and exploited vulnerabilities.
- Individual reflection about relevance of vulnerabilities with respect to actual occurrence in the field, presence in exercises, focus in teaching material.
- Development of teaching material to improve software development training.
Form(s) of Assessment
Other
Form(s) of Assessment (additional text)
Portfolio assessment - students select for inclusion in their portfolio:
- an assessment categorizing challenges in a CTF competition according to vulnerability taxonomies and relating challenges to security vulnerabilities in the field AND
- ONE of the following two options:
  - a write-up for one of the solved challenges in a CTF competition AND a documentation of training material/processes/tools to improve the learning experience of software architects and developers AND a (short) survey of approaches to validate training approaches in applied IT security
  - a documentation on a hosted CTF competition by the students AND a reflection report on how that competition could improve developer training and how its impact on learning has been (or should be) validated
Grading Scale
Pass/Failure
External/internal examiner
External or internal examiner.
External examiner within a 5-year period, next time in 2019 at the latest.
Re-sit examination
Whole course must be re-taken.
Examination support
None
Coursework Requirements
Two obligatory exercises must be passed. An obligatory exercise will usually consist of a write-up that is not included in the portfolio.
Teaching Materials
Scientific articles and hand-outs provided by lecturers.
Additional information
An exercise needs to have been recognized by the COINS Research School of Computer and Information Security as fulfilling the requirements of Ph.D. training as laid out in the COINS project application.