The course, taught in English in the first semester of the second year of the Master of Science in Cybersecurity, is one of the characterizing courses of the Cyber Analyst and Cyber Designer tracks and optional for the other tracks. It aims to present the main techniques for assessing the cyber security of IT systems, including software code security, with particular emphasis on distributed systems. The students are expected to gain knowledge of such techniques and the ability to apply them by using some of the available tools for verification and testing.
- Knowledge of the general concepts, practices and standards for security assessment of IT systems
- Knowledge of software security and code security
- Knowledge of the main techniques for security verification of IT systems and secure coding
- Knowledge of the main techniques for vulnerability assessment and penetration testing
- Ability to apply the learned techniques with some commonly available tools.
- Knowledge of procedural and object-oriented programming languages (C and Java) and corresponding programming skills.
- Basic knowledge of computer network architectures, TCP/IP, and HTTP.
- Basic knowledge of web applications, web programming languages, and web application security.
- Knowledge of the main categories of attack against IT systems.
- Knowledge of the main concepts (encryption and digest) and technologies (PKI, firewall, VPN, TLS, S/MIME, e-documents) for IT security.
- Knowledge of the security architectures for authentication and access control.
- Ability to analyze the risks of a distributed application.
General concepts and practice for security assessment (1 CFU)
- Definition and classification of security assessment techniques (e.g., static vs dynamic, white box vs black box, vulnerability assessment, penetration testing, formal verification, ethical hacking)
- Security assessment and certification standards.
Security Verification (2 CFU)
- Formal verification techniques and tools (dataflow and control-flow static code analysis, model checking, theorem proving)
- Formal verification of security protocols and security-aware distributed applications.
Software and Code Security Verification and Testing (3 CFU)
- Software security and the main code vulnerabilities
- Static and dynamic code analysis for security verification and vulnerability assessment (taint analysis, symbolic and concolic execution, dynamic analysis).
Vulnerability Assessment and Penetration Testing (VAPT) (2 CFU)
- Information gathering and scanning techniques and tools with various scopes (host, network, DB, service)
- Penetration testing techniques and tools: attack techniques, exploits, password cracking, decompilers.
The course is structured into lectures in the classroom (5.9 credits) and laboratories (2.1 credits), consisting of the experimentation of the techniques and tools presented in the lectures.
During the labs, the students will discuss their solutions to the assigned exercises with the teachers.
The teachers will provide the material (copy of slides and links to online resources) on the course website.
Lecture slides; video lectures of the current year.
Exam: optional oral exam; computer-based written test in class using the POLITO platform.
The exam consists of a written test that may include open-answer and closed-answer questions to check that the student has acquired the expected knowledge and skills (see expected learning outcomes).
The questions about the skills may be simple exercises or use cases related to the tools experimented with in the laboratories.
For each question, the maximum grade that can be obtained is specified and made visible to the students during the exam. The final grade is the sum of the grades assigned to the answers given to the questions. Laude is awarded if the sum of the grades is 31 or higher.
The written test will be taken using the Exams platform in a classroom. In case of technical problems, the students may be asked to write their test with pencil and paper. The total duration of the test, as measured by the Exams platform, which includes the setup time, is 1 hour and 10 minutes.
The test is closed-book, i.e. the student cannot consult any material during the test and cannot use any electronic device except the PC used for the test.
The teachers will request an oral exam only if there are doubts about the evaluation of the written test. The oral exam will consist of additional questions to resolve the teachers' doubts about the evaluation.
A sample exam test will be made available to the students through the Exercise platform.
In addition to the message sent by the online system, students with disabilities or Specific Learning Disorders (SLD) are invited to directly inform the professor in charge of the course about the special arrangements for the exam that have been agreed with the Special Needs Unit. The professor has to be informed at least one week before the beginning of the examination session in order to provide students with the most suitable arrangements for each specific type of exam.