Servizi per la didattica
PORTALE DELLA DIDATTICA

Security verification and testing

01TYAOV, 01TYASM

A.A. 2021/22

2020/21

Security verification and testing

The course, taught in English in the first semester of the second year of the Master of Science in Computer Engineering, is one of the characterizing courses of the Cybersecurity track. It aims at presenting the main techniques for assessing the cyber security of IT systems, with particular emphasis on distributed systems. The students are expected to gain the knowledge of such techniques, as well as the ability to apply them by using some of the available tools for verification and testing.

Security verification and testing

The course, taught in English in the first semester of the second year of the Master of Science in Computer Engineering, is one of the characterizing courses of the Cybersecurity track. It aims at presenting the main techniques for assessing the cyber security of IT systems, with particular emphasis on distributed systems. The students are expected to gain the knowledge of such techniques, as well as the ability to apply them by using some of the available tools for verification and testing.

Security verification and testing

- Knowledge of the general concepts, practice, and standards for security assessment - Knowledge of the main techniques for security verification - Knowledge of the main techniques for vulnerability assessment and penetration testing - Skill to apply the learned techniques with some of the commonly available tools.

Security verification and testing

- Knowledge of the general concepts, practice, and standards for security assessment - Knowledge of the main techniques for security verification - Knowledge of the main techniques for vulnerability assessment and penetration testing - Skill to apply the learned techniques with some of the commonly available tools.

Security verification and testing

Knowledge of procedural and object oriented programming languages, and corresponding programming skills. Basic knowledge of computer network architectures, TCP/IP, HTTP. Basic knowledge of web applications and web programming languages. It is assumed, also, that the students have taken the Information System Security course. The following learning outcomes coming from that course will be exploited: - Knowledge of the main categories of attack against IT systems. - Knowledge of the main concepts (encryption and digest) and technologies (PKI, firewall, VPN, TLS, S/MIME, e-documents) for IT security. - Knowledge of the security architectures for authentication and access control. - Ability to analyze the risks of a network application.

Security verification and testing

Knowledge of procedural and object oriented programming languages, and corresponding programming skills. Basic knowledge of computer network architectures, TCP/IP, HTTP. Basic knowledge of web applications and web programming languages. It is assumed, also, that the students have taken the Information System Security course. The following learning outcomes coming from that course will be exploited: - Knowledge of the main categories of attack against IT systems. - Knowledge of the main concepts (encryption and digest) and technologies (PKI, firewall, VPN, TLS, S/MIME, e-documents) for IT security. - Knowledge of the security architectures for authentication and access control. - Ability to analyze the risks of a network application.

Security verification and testing

General concepts and practice for security assessment (1CFU) - Definition and classification of security assessment techniques (static vs dynamic, white box vs black box, vulnerability assessment, penetration testing, formal verification, ethical hacking, etc) - Security assessment and certification standards Security Verification (3CFU) - formal verification techniques and tools (dataflow and controlflow static code analysis, model checking, theorem proving) - formal verification of security protocols and security-aware applications - static code analysis for security verification and vulnerability assessment (taint analysis, symbolic and concolic execution) Vulnerability Assessment and Penetration Testing (VAPT) (2CFU) - information gathering and scanning techniques and tools with various scopes (host, net DB, service) - penetration testing techniques: attack techniques, exploit

Security verification and testing

General concepts and practice for security assessment (1CFU) - Definition and classification of security assessment techniques (static vs dynamic, white box vs black box, vulnerability assessment, penetration testing, formal verification, ethical hacking, etc) - Security assessment and certification standards Security Verification (3CFU) - formal verification techniques and tools (dataflow and controlflow static code analysis, model checking, theorem proving) - formal verification of security protocols, security-aware applications, networked systems - static code analysis for security verification and vulnerability assessment (taint analysis, symbolic and concolic execution). Vulnerability Assessment and Penetration Testing (VAPT) (2CFU) - information gathering and scanning techniques and tools with various scopes (host, net DB, service) - penetration testing techniques and tools: attack techniques, exploit, password cracking, decompilers.

Security verification and testing

Security verification and testing

Security verification and testing

The course is structured into lectures in classroom (4.5 credits), and laboratories (1.5 credits) consisting of exercises on the experimentation of the techniques and tools presented in the lectures. During the labs the students will discuss with the teachers on their solutions to the assigned exercises.

Security verification and testing

The course is structured into lectures in classroom (4.5 credits), and laboratories (1.5 credits) consisting of the experimentation of the techniques and tools presented in the lectures. During the labs the students will discuss with the teachers on their solutions to the assigned exercises.

Security verification and testing

The teachers will provide the material (copy of slides and links to on-line resources) on the website of the course.

Security verification and testing

The teachers will provide the material (copy of slides and links to on-line resources) on the website of the course.

Security verification and testing

Modalitą di esame: Prova scritta a risposta aperta o chiusa tramite PC con l'utilizzo della piattaforma di ateneo Exam integrata con strumenti di proctoring (Respondus);

Security verification and testing

The exam consists of verifying the expected knowledge and skills acquired by the student (see expected learning outcomes). The exam consists in a written test including open-answer or closed-answer questions aiming at checking that the student has acquired the expected knowledge and skills. The questions may also be simple exercises or use cases related to the tools experimented in the laboratories. The test is closed-book, i.e. the student cannot consult any material during the test and cannot use any electronic device, with the exception of the PC used for the online test. An oral exam will be requested only in case of doubts about the evaluation of the test.

Security verification and testing

Exam: Computer-based written test with open-ended questions or multiple-choice questions using the Exam platform and proctoring tools (Respondus);

Security verification and testing

The exam consists of verifying the expected knowledge and skills acquired by the student (see expected learning outcomes). The exam consists in a written test including open-answer or closed-answer questions aiming at checking that the student has acquired the expected knowledge and skills. The questions may also be simple exercises or use cases related to the tools experimented in the laboratories. The test is closed-book, i.e. the student cannot consult any material during the test and cannot use any electronic device, with the exception of the PC used for the online test. An oral exam will be requested only in case of doubts about the evaluation of the test.

Security verification and testing

Modalitą di esame: Prova scritta (in aula); Prova scritta a risposta aperta o chiusa tramite PC con l'utilizzo della piattaforma di ateneo Exam integrata con strumenti di proctoring (Respondus);

Security verification and testing

The students can choose to take the exam in one of the two forms: online and onsite. The onsite and online tests are the same (see previous exam mode)

Security verification and testing

Exam: Written test; Computer-based written test with open-ended questions or multiple-choice questions using the Exam platform and proctoring tools (Respondus);

Security verification and testing

The students can choose to take the exam in one of the two forms: online and onsite. The onsite and online tests are the same (see previous exam mode).

Esporta Word


© Politecnico di Torino
Corso Duca degli Abruzzi, 24 - 10129 Torino, ITALY
Contatti