Advanced Internet Security

Vorlesung mit Uebung (3.0 ECTS) - 183.222

Location, Dates and Times

General Information

  • Weekly lectures are held in EI 8 Pƶtzl HS, 18:00 to 20:00.
  • Challenges will start on Thursdays, 20:00.
  • First challenge starts October 11th!

Dates and Slides

Registration

Registration is handled over the TISS site now!
Once the course has started, register via TISS. We will import your data, and send you the credentials for our environment via email. From that point, all communication is handled via this site. Your account will be valid for the whole semester and give you detailed feedback on submissions, current points etc..

Staff and Contact

Lecturers

This lecture is held as a cooperation between the Secure Systems Lab at the Automation Systems Group (191/3), the Information and Software Engineering Group (194/1) and SBA Research

Tutor

Contact us

If you have questions regarding the lab challenges, please use the TISS Forum to exchange yourself with other students. Our tutor is reading it on a daily basis and usually quick to answer with help. Please refrain from posting (partial) solutions, as you will spoil the fun for others. If you think, you need help beyond that do contact us per email at inetsec@seclab.tuwien.ac.at

Content

Abstract

Advanced Internet Security serves as a continuation for the class Internet Security. The lecture deals with common errors and vulnerabilities as well as ways to detect and avoid them. Examples are used to highlight the general error classes and how they can be abused. In order to teach the subject in the most authentic way, the lecture uses an "offensive approach": Security-related topics are viewed from an attacker's perspective and possible attack scenarios are shown. In practical challenges the students need to exploit previously discussed security vulnerabilities inside a controlled challenge-environment. This improves the students' understanding of the handled topics and helps them to prevent similar mistakes in own projects and allows them to actively take security measures when handling security relevant projects. As an optional part of the class, students are able to participate in a hacking contest in which they can prove their knowledge of security and system management by competing as a team against other Teams spread around the globe.

Topics

Prerequisites


Mode and Grading

7 challenges (assignments)

We will announce a challenge every couple of weeks that will be open for 13 days for you to solve.
These challenges shall give you some basic hands-on experience in penetration testing and security analysis of software and applications.
We have planned 6 challenges that deal with the lecture's topics and are directly related to the concepts discussed in the lecture part of the course.
The challenges are not necessarily difficult, but may require you to do some research on the Internet and read some documentation. Of course, you also need some patience.

By the way, we are aware that the InetSec environment is not highly secure. It's a time issue ;-) So we trust you that you will not try to break or hack the system. That is not a challenge. Remember that you are the good guy/gal.
We will not tolerate any attacks against our infrastructure.

Examination

At the end of the semester. Registration via TISS.
75 minutes time, no course material allowed.

Grading

The grade you get is best described with the following "python" code:

from decimal import *
import math
LECTURE_CHALLENGES = 7 # example, may vary from semester to semester
LECTURE_EXAM_MAX_POINTS = 35 # example, may vary from exam to exam

def min_challenges_to_solve():
    return int(math.ceil((Decimal(LECTURE_CHALLENGES) / Decimal(2)) + Decimal(0.1)))

def grade(student_solved_challenges, student_exam_points):
    challenge_points = (Decimal(student_solved_challenges) / Decimal(LECTURE_CHALLENGES)) * Decimal(100)
    exam_points = (Decimal(student_exam_points) / Decimal(LECTURE_EXAM_MAX_POINTS)) * Decimal(100)
    
    sum_points = int(math.ceil((Decimal(2) * challenge_points + exam_points) / Decimal(3)))

    if sum_points <= 50 or student_solved_challenges < min_challenges_to_solve():
        return 5
    elif sum_points <= 63:
        return 4
    elif sum_points <= 75:
        return 3
    elif sum_points <= 88:
        return 2
    else:
        return 1

if __name__ == "__main__":
    # student solved 5 challenges and received 25 points on the exam
    print(grade(5, 25))

Practicums and Theses

Are you a motivated student and looking for a bachelor's thesis or master's thesis, visited our courses and are otherwise also very interested in the security topic? Please visit the internship and theses pages of Seclab and SBA Research:
  • Internships and Theses at SBA Research
  • Internships and Theses at Seclab Vienna
    Good luck and happy debugging ;-)