Software ExploitationLaajuus (5 cr)

Objective

The student is aware of the most common application vulnerabilities and how they affect new and existing applications. The student is also able to find, exploit and fix common application vulnerabilities. The student is also familiar with safety mechanisms built into modern operating systems to make exploitation more difficult.

EUR-ACE Knowledge and understanding
Knowledge and understanding of the engineering sciences underlying one's field of specialization at a level necessary to achieve the other learning outcomes of the program, including an understanding of future requirements in one's own field. Knowledge and understanding of applicable analysis, design and research/development techniques and methods and their limitations in one's own area of specialization.

EUR-ACE Engineering practice
The ability to identify, formulate and solve complex problems, choose and have the practical skills to apply well-established analytical, computational and experimental techniques and methods applicable to the situation.

Content

The course covers most common application vulnerabilities: what causes them, how they are exploited and how to fix or mitigate them.
Basic knowledge of programming logic and data structures and algorithms is required. Knowledge of one scripting language (e.g. Python) is recommended.
You gain additional knowledge about:

Debugger(s)
Common application vulnerabilities

Qualifications

Auditing and Penetration Testing
Linux basics and administration
Basics of programming

Assessment criteria, satisfactory (1)

Sufficient (1)
The student knows and understands the basic concepts of exploiting software vulnerabilities and the related theory. The student knows how to use tools enabling the exploitation of software vulnerabilities with assistance.

Satisfactory (2)
The student knows and understands the basic concepts of exploiting software vulnerabilities and the related theory. The student knows how to use the tools enabling the exploitation of software vulnerabilities in a controlled manner.

Assessment criteria, good (3)

Good (3)
The student knows and understands the basic concepts of exploiting software vulnerabilities and the related theory in a versatile manner. The student knows how to use tools that enable exploiting software vulnerabilities.

Very good (4)
The student knows and understands the concepts of exploiting software vulnerabilities and the related theory in a versatile way. The student knows how to use tools that enable the exploitation of software vulnerabilities in an advanced manner.

Assessment criteria, excellent (5)

Excellent (5)
The student knows and understands the concepts of exploiting software vulnerabilities and the related theory excellently. The student knows how to use and select suitable tools that enable the exploitation of software vulnerabilities in an advanced manner and is able to use new tools independently.