Siirry suoraan sisältöön

Ohjelmistohaavoittuvuudet ja niiden hyväksikäyttöLaajuus (5 op)

Tunnus: TTC6520

Laajuus

5 op

Opetuskieli

  • suomi
  • englanti

Vastuuhenkilö

  • Joonatan Ovaska

Osaamistavoitteet

The student is aware of the most common application vulnerabilities and how they affect new and existing applications. The student is also able to find, exploit and fix common application vulnerabilities. The student is also familiar with safety mechanisms built into modern operating systems to make exploitation more difficult.

Opintojakson osaamiset
EUR-ACE Tieto ja ymmärrys
- Tieto ja ymmärrys oman erikoistumisalan perustana olevista insinööritieteistä tasolla, joka on tarpeen ohjelman muiden oppimistulosten saavuttamiseksi, mukaan lukien käsitys tulevaisuuden vaatimuksista omalla alalla.
- Tieto ja ymmärrys soveltuvista materiaaleista, laitteista, työvälineistä, teknologioista ja prosesseista sekä niiden rajoituksista omalla erikoistumisalalla.
- Tieto ja ymmärrys soveltuvista analyysi-, suunnittelu- ja tutkimus/kehittämistekniikoista ja -menetelmistä sekä niiden rajoituksista omalla erikoistumisalalla.
EUR-ACE Tekniikan soveltaminen käytäntöön
- Kyky tunnistaa, muotoilla ja ratkaista monimutkaisia ongelmia kyeten valitsemaan ja omaten käytännön taidot soveltaa tilanteeseen soveltuvia, vakiintuneita analyyttisiä, laskennallisia ja kokeellisia tekniikoita ja menetelmiä.
- Kyky selvittää oman alan ammattikäytän-töä koskevat ohjeet ja turvallisuus-määräykset sekä soveltaa niitä.

Sisältö

The course will cover most common application vulnerabilities, what causes them, how they are exploited and how to fix or mitigate them. Basic knowledge of C or C++ and data structures and algorithms is required. Knowledge of one scripting language (e.g. Python) is recommended.

Esitietovaatimukset

Basics in programming, Data structures and algorithms

Arviointikriteerit, tyydyttävä (1)

Satisfactory (2): The student understands the most basic topics discussed during the course, however, struggles to utilize this knowledge.
Sufficient (1): The student is familiar with the basic topics discussed during the course. He is able to solve problems related to the topics only in the simplest of cases.
Fail 0: The student does not meet the minimum criteria set for the course.

Arviointikriteerit, hyvä (3)

Very good (4): The student understands the most important topics discussed during the course and is able to utilize this knowledge in the most common cases.
Good (3): The student understands the most important topics discussed during the course and is able to utilize this knowledge in the most basic cases.

Arviointikriteerit, kiitettävä (5)

Excellent (5): The student understands all topics discussed during the course and is able to use them in an innovative manner even in challenging cases.

Enrollment

18.11.2024 - 09.01.2025

Timing

13.01.2025 - 30.04.2025

Number of ECTS credits allocated

5 op

Virtual portion

5 op

Mode of delivery

Online learning

Unit

School of Technology

Campus

Lutakko Campus

Teaching languages
  • English
Seats

0 - 35

Degree programmes
  • Bachelor's Degree Programme in Information and Communications Technology
  • Bachelor's Degree Programme in Information and Communications Technology
Teachers
  • Joonatan Ovaska
Groups
  • TTV22S5
    Tieto- ja viestintätekniikka (AMK)
  • TTV22S2
    Tieto- ja viestintätekniikka (AMK)
  • TTV22S3
    Tieto- ja viestintätekniikka (AMK)
  • TIC22S1
    Bachelor's Degree Programme in Information and Communications Technology
  • TTV22S1
    Tieto- ja viestintätekniikka (AMK)
  • TTV22SM
    Tieto- ja viestintätekniikka (AMK)
  • TTV22S4
    Tieto- ja viestintätekniikka (AMK)
  • TTV22SM2
    Tieto- ja viestintätekniikka (AMK)

Objective

The student knows the most common application vulnerabilities and how they affect new and existing applications. The student is also able to find, exploit and fix common application vulnerabilities. The student is also familiar with safety mechanisms built into modern operating systems to make exploitation more difficult.

Competences
EUR-ACE: Knowledge and understanding 
EUR-ACE: Engineering practice 

Content

The course will cover most common application vulnerabilities, what causes them, how they are exploited and how to fix or mitigate them. Basic knowledge of C or C++ and data structures and algorithms is required. Knowledge of one scripting language (e.g. Python) is recommended.

Oppimateriaali ja suositeltava kirjallisuus

Materials in the e-learning environment and a book: Hacking : the art of exploitation 2nd edition

Teaching methods

- lectures
- independent study
- distance learning
- webinars
- exercises
- learning tasks
- book

Exam schedules

No exam, assessment is based on assignments.

Vaihtoehtoiset suoritustavat

The admission procedures are described in the degree rule and the study guide. The teacher of the course will give you more information on possible specific course practices.

Student workload

One credit (1 Cr) corresponds to an average of 27 hours of work.

- lectures 10 h
- reading assignments 15 h
- independent study 60 h
- assignment solving 40 h
- assignment reporting 10 h
Total 135 h

Content scheduling

We start by going through whole course theory, after all theory parts, we'll continue with hands-on assignments for the rest of the course.

Further information

Points from the quizzes and from the labs. No exam

Evaluation scale

0-5

Arviointikriteerit, tyydyttävä (1-2)

Satisfactory (2): The student understands the most basic topics discussed during the course, however, struggles to utilize this knowledge.
Sufficient (1): The student is familiar with the basic topics discussed during the course. He is able to solve problems related to the topics only in the simplest of cases.
Fail 0: The student does not meet the minimum criteria set for the course.

Arviointikriteerit, hyvä (3-4)

Very good (4): The student understands the most important topics discussed during the course and is able to utilize this knowledge in the most common cases.
Good (3): The student understands the most important topics discussed during the course and is able to utilize this knowledge in the most basic cases.

Assessment criteria, excellent (5)

Excellent (5): The student understands all topics discussed during the course and is able to use them in an innovative manner even in challenging cases.

Qualifications

Basics in programming, Data structures and algorithms

Enrollment

01.08.2024 - 22.08.2024

Timing

26.08.2024 - 18.12.2024

Number of ECTS credits allocated

5 op

Mode of delivery

Face-to-face

Unit

School of Technology

Campus

Lutakko Campus

Teaching languages
  • English
Seats

0 - 35

Degree programmes
  • Bachelor's Degree Programme in Information and Communications Technology
  • Bachelor's Degree Programme in Information and Communications Technology
Teachers
  • Joonatan Ovaska
Groups
  • TTV22S5
    Tieto- ja viestintätekniikka (AMK)
  • TTV22S2
    Tieto- ja viestintätekniikka (AMK)
  • TTV22S3
    Tieto- ja viestintätekniikka (AMK)
  • TIC22S1
    Bachelor's Degree Programme in Information and Communications Technology
  • TTV22S1
    Tieto- ja viestintätekniikka (AMK)
  • TTV22S4
    Tieto- ja viestintätekniikka (AMK)

Objective

The student knows the most common application vulnerabilities and how they affect new and existing applications. The student is also able to find, exploit and fix common application vulnerabilities. The student is also familiar with safety mechanisms built into modern operating systems to make exploitation more difficult.

Competences
EUR-ACE: Knowledge and understanding 
EUR-ACE: Engineering practice 

Content

The course will cover most common application vulnerabilities, what causes them, how they are exploited and how to fix or mitigate them. Basic knowledge of C or C++ and data structures and algorithms is required. Knowledge of one scripting language (e.g. Python) is recommended.

Oppimateriaali ja suositeltava kirjallisuus

Materials in the e-learning environment and a book: Hacking : the art of exploitation 2nd edition

Teaching methods

- lectures
- independent study
- distance learning
- webinars
- exercises
- learning tasks
- book

Exam schedules

No exam, assessment is based on assignments.

Vaihtoehtoiset suoritustavat

The admission procedures are described in the degree rule and the study guide. The teacher of the course will give you more information on possible specific course practices.

Student workload

One credit (1 Cr) corresponds to an average of 27 hours of work.

- lectures 10 h
- reading assignments 15 h
- independent study 60 h
- assignment solving 40 h
- assignment reporting 10 h
Total 135 h

Content scheduling

We start by going through whole course theory, after all theory parts, we'll continue with hands-on assignments for the rest of the course.

Further information

Points from the quizzes and from the lab reports. No exam

Evaluation scale

0-5

Arviointikriteerit, tyydyttävä (1-2)

Satisfactory (2): The student understands the most basic topics discussed during the course, however, struggles to utilize this knowledge.
Sufficient (1): The student is familiar with the basic topics discussed during the course. He is able to solve problems related to the topics only in the simplest of cases.
Fail 0: The student does not meet the minimum criteria set for the course.

Arviointikriteerit, hyvä (3-4)

Very good (4): The student understands the most important topics discussed during the course and is able to utilize this knowledge in the most common cases.
Good (3): The student understands the most important topics discussed during the course and is able to utilize this knowledge in the most basic cases.

Assessment criteria, excellent (5)

Excellent (5): The student understands all topics discussed during the course and is able to use them in an innovative manner even in challenging cases.

Qualifications

Basics in programming, Data structures and algorithms

Enrollment

01.08.2023 - 24.08.2023

Timing

30.10.2023 - 19.12.2023

Number of ECTS credits allocated

5 op

Virtual portion

4 op

Mode of delivery

20 % Face-to-face, 80 % Online learning

Unit

School of Technology

Campus

Lutakko Campus

Teaching languages
  • English
Seats

0 - 35

Degree programmes
  • Bachelor's Degree Programme in Information and Communications Technology
  • Bachelor's Degree Programme in Information and Communications Technology
Teachers
  • Joonatan Ovaska
Groups
  • TTV21S3
    Tieto- ja viestintätekniikka (AMK)
  • TTV21S5
    Tieto- ja viestintätekniikka (AMK)
  • TIC21S1
    Bachelor's Degree Programme in Information and Communications Technology
  • TTV21S2
    Tieto- ja viestintätekniikka (AMK)
  • TTV21S1
    Tieto- ja viestintätekniikka (AMK)

Objective

The student knows the most common application vulnerabilities and how they affect new and existing applications. The student is also able to find, exploit and fix common application vulnerabilities. The student is also familiar with safety mechanisms built into modern operating systems to make exploitation more difficult.

Competences
EUR-ACE: Knowledge and understanding 
EUR-ACE: Engineering practice 

Content

The course will cover most common application vulnerabilities, what causes them, how they are exploited and how to fix or mitigate them. Basic knowledge of C or C++ and data structures and algorithms is required. Knowledge of one scripting language (e.g. Python) is recommended.

Location and time

- First contact on campus, rest of them online
- Guidance sessions on campus

Oppimateriaali ja suositeltava kirjallisuus

Materials in the e-learning environment and a book: Hacking : the art of exploitation 2nd edition

Teaching methods

- lectures
- independent study
- distance learning
- webinars
- exercises
- learning tasks
- book

Exam schedules

No exam, assessment is based on assignments.

Vaihtoehtoiset suoritustavat

The admission procedures are described in the degree rule and the study guide. The teacher of the course will give you more information on possible specific course practices.

Student workload

One credit (1 Cr) corresponds to an average of 27 hours of work.

- lectures 15 h
- demos and walkthroughs 15 h
- assignment 45 h
- independent study 55 h
Total 135 h

Further information

Points from lab reports. No exam.

Evaluation scale

0-5

Arviointikriteerit, tyydyttävä (1-2)

Satisfactory (2): The student understands the most basic topics discussed during the course, however, struggles to utilize this knowledge.
Sufficient (1): The student is familiar with the basic topics discussed during the course. He is able to solve problems related to the topics only in the simplest of cases.
Fail 0: The student does not meet the minimum criteria set for the course.

Arviointikriteerit, hyvä (3-4)

Very good (4): The student understands the most important topics discussed during the course and is able to utilize this knowledge in the most common cases.
Good (3): The student understands the most important topics discussed during the course and is able to utilize this knowledge in the most basic cases.

Assessment criteria, excellent (5)

Excellent (5): The student understands all topics discussed during the course and is able to use them in an innovative manner even in challenging cases.

Qualifications

Basics in programming, Data structures and algorithms

Ilmoittautumisaika

01.08.2022 - 25.08.2022

Ajoitus

31.10.2022 - 16.12.2022

Opintopistemäärä

5 op

Virtuaaliosuus

4 op

Toteutustapa

20 % Lähiopetus, 80 % Verkko-opetus

Yksikkö

Teknologiayksikkö

Toimipiste

Lutakon kampus

Opetuskielet
  • Suomi
Paikat

0 - 35

Koulutus
  • Tieto- ja viestintätekniikka (AMK)
Opettaja
  • Joonatan Ovaska

Tavoitteet

The student is aware of the most common application vulnerabilities and how they affect new and existing applications. The student is also able to find, exploit and fix common application vulnerabilities. The student is also familiar with safety mechanisms built into modern operating systems to make exploitation more difficult.

Opintojakson osaamiset
EUR-ACE Tieto ja ymmärrys
- Tieto ja ymmärrys oman erikoistumisalan perustana olevista insinööritieteistä tasolla, joka on tarpeen ohjelman muiden oppimistulosten saavuttamiseksi, mukaan lukien käsitys tulevaisuuden vaatimuksista omalla alalla.
- Tieto ja ymmärrys soveltuvista materiaaleista, laitteista, työvälineistä, teknologioista ja prosesseista sekä niiden rajoituksista omalla erikoistumisalalla.
- Tieto ja ymmärrys soveltuvista analyysi-, suunnittelu- ja tutkimus/kehittämistekniikoista ja -menetelmistä sekä niiden rajoituksista omalla erikoistumisalalla.
EUR-ACE Tekniikan soveltaminen käytäntöön
- Kyky tunnistaa, muotoilla ja ratkaista monimutkaisia ongelmia kyeten valitsemaan ja omaten käytännön taidot soveltaa tilanteeseen soveltuvia, vakiintuneita analyyttisiä, laskennallisia ja kokeellisia tekniikoita ja menetelmiä.
- Kyky selvittää oman alan ammattikäytän-töä koskevat ohjeet ja turvallisuus-määräykset sekä soveltaa niitä.

Sisältö

The course will cover most common application vulnerabilities, what causes them, how they are exploited and how to fix or mitigate them. Basic knowledge of C or C++ and data structures and algorithms is required. Knowledge of one scripting language (e.g. Python) is recommended.

Oppimateriaali ja suositeltava kirjallisuus

Verkko-oppimisympäristössä julkaistava sähköinen materiaali, sekä kirja: Hacking : the art of exploitation 2nd edition

Opetusmenetelmät

- luennot
- itseopiskelu
- verkko-opinnot
- webinaarit
- harjoitustyöt
- oppimistehtävät
- kirja

Tenttien ajankohdat ja uusintamahdollisuudet

Ei tenttiä, arviointi perustuu tehtävä suorituksiin.

Vaihtoehtoiset suoritustavat

Hyväksilukemisen menettelytavat kuvataan tutkintosäännössä ja opinto-oppaassa. Opintojakson opettaja antaa lisätietoa mahdollisista opintojakson erityiskäytänteistä.

Opiskelijan ajankäyttö ja kuormitus

Yksi opintopiste (1 op) tarkoittaa keskimäärin 27 tunnin työtä.

- luennot 5 h
- harjoitustyöt 65 h
- itsenäinen työskentely 35 h
Yhteensä 135 h

Lisätietoja opiskelijoille

Pisteitä kerrytetään tehtävistä. Ei tenttiä.

Arviointiasteikko

0-5

Arviointikriteerit, tyydyttävä (1-2)

Satisfactory (2): The student understands the most basic topics discussed during the course, however, struggles to utilize this knowledge.
Sufficient (1): The student is familiar with the basic topics discussed during the course. He is able to solve problems related to the topics only in the simplest of cases.
Fail 0: The student does not meet the minimum criteria set for the course.

Arviointikriteerit, hyvä (3-4)

Very good (4): The student understands the most important topics discussed during the course and is able to utilize this knowledge in the most common cases.
Good (3): The student understands the most important topics discussed during the course and is able to utilize this knowledge in the most basic cases.

Arviointikriteerit, kiitettävä (5)

Excellent (5): The student understands all topics discussed during the course and is able to use them in an innovative manner even in challenging cases.

Esitietovaatimukset

Basics in programming, Data structures and algorithms