- Course guarantor:
- Department of Information Security
The course gives a professional and academic introduction to computer and information security using the ethical hacking approach. This approach improves defence by adopting an attacker mindset when discovering vulnerabilities, provides hands-on experience with different attacks, and facilitates linking theory and practice in significant areas of one's digital literacy. It can therefore be utilized by (future) security professionals, (informed) decision-makers, (savvy) users and developers alike.
This course is taught in English.
Recommended knowledge: OS Linux, web applications, database systems (SQL), basics of computer networks, and cryptography. It is an advantage to have completed the following courses or to take them together with BI-EHA: BI-PS1, BI-DBS, BI-BEZ, BI-PSI and BI-TWA.
- Syllabus of lectures:
1. Introduction to Ethical Hacking and Penetration Testing
2. Sniffing, Spoofing & Traffic Analysis
3. Web Security I
4. Web Security II
5. Web Security III
6. Wireless Security
7. Authentication, Credentials, Passwords
9. Operating Systems Security
10. Android Security
11. Embedded Systems Security, Automotive
12. Cloud Security
- Syllabus of tutorials:
Lectures are intertwined with exercises/tutorials.
- Study Objective:
Upon completion of the course, the students will:
* be introduced to (both theory and practice of) common computer and information security vulnerabilities in their interdisciplinary nature
* be able to perform basic penetration testing tasks (as defined by pentest-standard.org) using software tools and their own program code
* understand the broader context of cybersecurity (macro level), the wide range of related topics for further self-driven education and/or professional/academic specialization, and become savvier ICT users and developers (micro level)
* perceive ethical hacking as a 'problem-discovery' and 'problem-solving' tool (as opposed to 'problem-creating' tool)
- Study materials:
 P. Engebretson, The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, 2nd edition. Amsterdam; Boston: Syngress, 2013.
 G. Weidman, Penetration Testing: A Hands-On Introduction to Hacking, 1st edition. San Francisco: No Starch Press, 2014.
 D. Regalado et al., Gray Hat Hacking: The Ethical Hacker's Handbook, 4th edition. McGraw-Hill Education, 2015.
 P. Kim, The Hacker Playbook 2: Practical Guide To Penetration Testing. CreateSpace Independent Publishing Platform, 2015.
 T. J. O'Connor, Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers, 1st edition. Amsterdam; Boston: Syngress, 2012.
 J. Seitz, Black Hat Python: Python Programming for Hackers and Pentesters, 1st edition. San Francisco: No Starch Press, 2014.
 J. Seitz, Gray Hat Python: Python Programming for Hackers and Reverse Engineers, 1st edition. San Francisco: No Starch Press, 2009.
 D. Kennedy et al., Metasploit: The Penetration Tester's Guide, 1st edition. San Francisco: No Starch Press, 2011.
 C. P. Paulino, Nmap 6: Network Exploration and Security Auditing Cookbook. Birmingham, UK: Packt Publishing, 2012.
 C. Sanders, Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems, 2nd edition. San Francisco, CA: No Starch Press, 2011.
 T. Heriyanto et al., Kali Linux: Assuring Security By Penetration Testing. Birmingham, UK: Packt Publishing, 2014.
- Further information:
- No time-table has been prepared for this course
- The course is a part of the following study plans:
- Bachelor branch Security and Information Technology, in Czech, 2015-2020 (elective course)