- Knowledge of the general concepts, practice, and standards for security assessment - Knowledge of the main techniques for security verification - Knowledge of the main techniques for vulnerability assessment and penetration testing - Skill to apply the learned techniques with some of the commonly available tools.

Knowledge of procedural and object oriented programming languages, and corresponding programming skills. Basic knowledge of computer network architectures, TCP/IP, HTTP. Basic knowledge of web applications and web programming languages. It is assumed, also, that the students have taken the Information System Security course. The following learning outcomes coming from that course will be exploited: - Knowledge of the main categories of attack against IT systems. - Knowledge of the main concepts (encryption and digest) and technologies (PKI, firewall, VPN, TLS, S/MIME, e-documents) for IT security. - Knowledge of the security architectures for authentication and access control. - Ability to analyze the risks of a network application.

General concepts and practice for security assessment (1CFU) - Definition and classification of security assessment techniques (static vs dynamic, white box vs black box, vulnerability assessment, penetration testing, formal verification, ethical hacking, etc) - Security assessment and certification standards Security Verification (3CFU) - formal verification techniques and tools (dataflow and controlflow static code analysis, model checking, theorem proving) - formal verification of security protocols, security-aware applications, networked systems - static code analysis for security verification and vulnerability assessment (taint analysis, symbolic and concolic execution). Vulnerability Assessment and Penetration Testing (VAPT) (2CFU) - information gathering and scanning techniques and tools with various scopes (host, net DB, service) - penetration testing techniques and tools: attack techniques, exploit, password cracking, decompilers.

The course is structured into lectures in classroom (4.5 credits), and laboratories (1.5 credits) consisting of the experimentation of the techniques and tools presented in the lectures. During the labs the students will discuss with the teachers on their solutions to the assigned exercises.

The teachers will provide the material (copy of slides and links to on-line resources) on the website of the course.

Exam: Computer-based written test using the PoliTo platform;

The exam consists of verifying the expected knowledge and skills acquired by the student (see expected learning outcomes). The exam consists in a written test including open-answer or closed-answer questions aiming at checking that the student has acquired the expected knowledge and skills. The questions may also be simple exercises or use cases related to the tools experimented in the laboratories. The test is closed-book, i.e. the student cannot consult any material during the test and cannot use any electronic device, with the exception of the PC used for the online test. An oral exam will be requested only in case of doubts about the evaluation of the test.

Exam: Written test; Computer-based written test using the PoliTo platform;

The students can choose to take the exam in one of the two forms: online and onsite. The onsite and online tests are the same (see previous exam mode).