Servizi per la didattica
PORTALE DELLA DIDATTICA

Security verification and testing

01TYAOV, 01TYASM

A.A. 2021/22

2021/22

Security verification and testing

The course, taught in English in the first semester of the second year of the Master of Science in Computer Engineering, is one of the characterizing courses of the Cybersecurity track. It aims at presenting the main techniques for assessing the cyber security of IT systems, with particular emphasis on distributed systems. The students are expected to gain the knowledge of such techniques, as well as the ability to apply them by using some of the available tools for verification and testing.

Security verification and testing

The course, taught in English in the first semester of the second year of the Master of Science in Computer Engineering, is one of the characterizing courses of the Cybersecurity track. It aims at presenting the main techniques for assessing the cyber security of IT systems, with particular emphasis on distributed systems. The students are expected to gain the knowledge of such techniques, as well as the ability to apply them by using some of the available tools for verification and testing.

Security verification and testing

- Knowledge of the general concepts, practice, and standards for security assessment - Knowledge of the main techniques for security verification - Knowledge of the main techniques for vulnerability assessment and penetration testing - Skill to apply the learned techniques with some of the commonly available tools.

Security verification and testing

- Knowledge of the general concepts, practice, and standards for security assessment of IT systems - Knowledge of the main techniques for security verification of IT systems - Knowledge of the main techniques for vulnerability assessment and penetration testing - Skill to apply the learned techniques with some of the commonly available tools.

Security verification and testing

Knowledge of procedural and object oriented programming languages, and corresponding programming skills. Basic knowledge of computer network architectures, TCP/IP, HTTP. Basic knowledge of web applications and web programming languages. It is assumed, also, that the students have taken the Information System Security course. The following learning outcomes coming from that course will be exploited: - Knowledge of the main categories of attack against IT systems. - Knowledge of the main concepts (encryption and digest) and technologies (PKI, firewall, VPN, TLS, S/MIME, e-documents) for IT security. - Knowledge of the security architectures for authentication and access control. - Ability to analyze the risks of a network application.

Security verification and testing

Knowledge of procedural and object oriented programming languages (C and Java), and corresponding programming skills. Basic knowledge of computer network architectures, TCP/IP, HTTP. Basic knowledge of web applications and web programming languages. It is assumed, also, that the students have taken the Information System Security course. The following learning outcomes coming from that course will be exploited: - Knowledge of the main categories of attack against IT systems. - Knowledge of the main concepts (encryption and digest) and technologies (PKI, firewall, VPN, TLS, S/MIME, e-documents) for IT security. - Knowledge of the security architectures for authentication and access control. - Ability to analyze the risks of a network application.

Security verification and testing

General concepts and practice for security assessment (1CFU) - Definition and classification of security assessment techniques (static vs dynamic, white box vs black box, vulnerability assessment, penetration testing, formal verification, ethical hacking, etc) - Security assessment and certification standards Security Verification (3CFU) - formal verification techniques and tools (dataflow and controlflow static code analysis, model checking, theorem proving) - formal verification of security protocols and security-aware applications - static code analysis for security verification and vulnerability assessment (taint analysis, symbolic and concolic execution) Vulnerability Assessment and Penetration Testing (VAPT) (2CFU) - information gathering and scanning techniques and tools with various scopes (host, net DB, service) - penetration testing techniques: attack techniques, exploit

Security verification and testing

General concepts and practice for security assessment (1CFU) - Definition and classification of security assessment techniques (static vs dynamic, white box vs black box, vulnerability assessment, penetration testing, formal verification, ethical hacking, etc) - Security assessment and certification standards Security Verification (3CFU) - formal verification techniques and tools (dataflow and controlflow static code analysis, model checking, theorem proving) - formal verification of security protocols and security-aware distributed applications - static code analysis for security verification and vulnerability assessment (taint analysis, symbolic and concolic execution). Vulnerability Assessment and Penetration Testing (VAPT) (2CFU) - information gathering and scanning techniques and tools with various scopes (host, net DB, service) - penetration testing techniques and tools: attack techniques, exploit, password cracking, decompilers.

Security verification and testing

Security verification and testing

Security verification and testing

The course is structured into lectures in classroom (4.5 credits), and laboratories (1.5 credits) consisting of exercises on the experimentation of the techniques and tools presented in the lectures. During the labs the students will discuss with the teachers on their solutions to the assigned exercises.

Security verification and testing

The course is structured into lectures in classroom (4.2 credits), and laboratories (1.8 credits) consisting of the experimentation of the techniques and tools presented in the lectures. During the labs the students will discuss with the teachers on their solutions to the assigned exercises.

Security verification and testing

The teachers will provide the material (copy of slides and links to on-line resources) on the website of the course.

Security verification and testing

The teachers will provide the material (copy of slides and links to on-line resources) on the website of the course.

Security verification and testing

Modalitą di esame: Test informatizzato in laboratorio; Prova scritta (in aula); Prova orale facoltativa;

Security verification and testing

Security verification and testing

Exam: Computer lab-based test; Written test; Optional oral exam;

Security verification and testing

The exam consists of verifying the expected knowledge and skills acquired by the student (see expected learning outcomes). The exam consists in a written test that may include open-answer and closed-answer questions aiming at checking that the student has acquired the expected knowledge and skills. For the part about skills, the questions may also be simple exercises or use cases related to the tools experimented in the laboratories. For each question, the maximum grade that can be obtained is specified. The final grade will be the sum of the grades assigned to the answers given to the questions. The written test will be taken by means of the Exams platform, in a laboratory. In case of technical problems, the students may be asked to write their test with pencil and paper. The total duration of the test, as measured by the exams platform, which includes the setup time, is 1 hour and 10 minutes. The test is closed-book, i.e. the student cannot consult any material during the test and cannot use any electronic device, with the exception of the Lab PC used for the test. An oral exam will be requested by the teachers only in case of doubts about the evaluation of the written test. The oral exam will consist of extra questions aiming at resolving the doubts the teachers had in the evaluation.

Security verification and testing

Modalitą di esame: Prova orale facoltativa; Prova scritta a risposta aperta o chiusa tramite PC con l'utilizzo della piattaforma di ateneo Exam integrata con strumenti di proctoring (Respondus);

Security verification and testing

The exam consists of verifying the expected knowledge and skills acquired by the student (see expected learning outcomes). The exam consists in a written test including open-answer or closed-answer questions aiming at checking that the student has acquired the expected knowledge and skills. The questions may also be simple exercises or use cases related to the tools experimented in the laboratories. The test is closed-book, i.e. the student cannot consult any material during the test and cannot use any electronic device, with the exception of the PC used for the online test. An oral exam will be requested only in case of doubts about the evaluation of the test.

Security verification and testing

Exam: Optional oral exam; Computer-based written test with open-ended questions or multiple-choice questions using the Exam platform and proctoring tools (Respondus);

Security verification and testing

The exam consists of verifying the expected knowledge and skills acquired by the student (see expected learning outcomes). The exam consists in a written test that may include open-answer and closed-answer questions aiming at checking that the student has acquired the expected knowledge and skills. For the part about skills, the questions may also be simple exercises or use cases related to the tools experimented in the laboratories. For each question, the maximum grade that can be obtained is specified. The final grade will be the sum of the grades assigned to the answers given to the questions. The written test will be taken by means of the Exams platform, at home, with proctoring tools. The total duration of the test, as measured by the exams platform, which includes the setup time, is 1 hour and 10 minutes. The test is closed-book, i.e. the student cannot consult any material during the test and cannot use any electronic device, with the exception of the PC used for the online test. An oral exam will be requested by the teachers only in case of doubts about the evaluation of the written test. The oral exam will consist of extra questions aiming at resolving the doubts the teachers had in the evaluation.

Security verification and testing

Modalitą di esame: Prova scritta (in aula); Prova orale facoltativa; Prova scritta a risposta aperta o chiusa tramite PC con l'utilizzo della piattaforma di ateneo Exam integrata con strumenti di proctoring (Respondus);

Security verification and testing

The students can choose to take the exam in one of the two forms: online and onsite. The onsite and online tests are the same (see previous exam mode)

Security verification and testing

Exam: Written test; Optional oral exam; Computer-based written test with open-ended questions or multiple-choice questions using the Exam platform and proctoring tools (Respondus);

Security verification and testing

If admitted to the blended exam, the students can choose to take the exam in one of the two forms: online and onsite. The onsite and online tests are the same (see previous exam modes). An oral exam will be requested by the teachers only in case of doubts about the evaluation of the written test. The oral exam will consist of extra questions aiming at resolving the doubts the teachers had in the evaluation.

Esporta Word


© Politecnico di Torino
Corso Duca degli Abruzzi, 24 - 10129 Torino, ITALY
Contatti