Instructions

A course is the basic teaching unit; it is designed as a medium for a student to acquire comprehensive knowledge and skills indispensable in the given field. A course guarantor is responsible for the factual content of the course.
For each course, there is a department responsible for the course organisation. A person responsible for timetabling for a given department sets the teaching schedule and, for each class, assigns an instructor and/or an examiner.
The expected time consumption of the course is expressed by the course attribute 'extent of teaching'. For example, extent = 2+2 indicates two teaching hours of lectures and two teaching hours of seminar (lab) per week.
At the end of each semester, the course instructor has to evaluate the extent to which a student has acquired the expected knowledge and skills. The type of this evaluation is indicated by the attribute 'completion'. A course can be completed by just an assessment ('pouze zápočet'), by a graded assessment ('klasifikovaný zápočet'), by just an examination ('pouze zkouška'), or by an assessment and examination ('zápočet a zkouška').
The difficulty of a given course is expressed by the number of ECTS credits.
The course is in session (i.e. teaching is going on) during a semester. Each course is offered either in the winter ('zimní') or summer ('letní') semester of an academic year. Exceptionally, a course might be offered in both semesters.
The subject matter of a course is described in various texts.

BI-EHA.21 Ethical Hacking
Extent of teaching: 2P+2C
Instructor: Dostál J.
Completion: Z,ZK
Department: 18106
Credits: 5
Semester: L

Annotation:
The goal of the course is to introduce students to the field of penetration testing and ethical hacking. The course deals with cybersecurity threats, vulnerabilities, and their possible exploitation in computer networks, web applications, wireless networks, operating systems, and other areas such as the Internet of Things or cloud. The focus is on hands-on experience with vulnerability testing and the subsequent process of documenting a penetration test.

Lecture syllabus:
1. Introduction to the area of penetration testing.
2. Network traffic analysis and services discovery.
3. Vulnerability of network infrastructure.
4. Web applications - authentication and session management.
5. Web applications - code injection.
6. Web applications - scripting and request forgery.
7. Attacks on security of Wi-Fi systems.
8. Authentication and passwords.
9. Reporting.
10. Operating systems, privilege escalation.
11. Embedded systems, attack vectors.
12. Automotive security.
13. Typical attacks on cloud systems.

Seminar syllabus:
1. Introduction
2. Traffic Analysis
3. Web Security I
4. Web Security II
5. Web Security III
6. Password Cracking - Offline
7. Password Cracking - Online
8. Operating System Security
9. Wi-Fi
10. Forensics
11. Real World Vulnerabilities
12. Cloud Security
13. Reserve

Literature:
1. Kennedy D., O'Gorman D., Kearns D.: Metasploit: The Penetration Tester's Guide. No Starch Press, 2011. ISBN 978-1593272883.
2. Weidman G.: Penetration Testing: A Hands-On Introduction to Hacking. No Starch Press, 2014. ISBN 978-1593275648.
3. Messier R.: Learning Kali Linux: Security Testing, Penetration Testing & Ethical Hacking. O'Reilly, 2018. ISBN 978-1492028697.
4. Messier R.: CEH v10 Certified Ethical Hacker Study Guide. Sybex, 2019. ISBN 978-1119533191.

Requirements:
Entry knowledge: OS Linux, web applications, database systems (SQL), basics of computer networks, and cryptography. It is an advantage to have completed the following courses or to take them together with BI-EHA: BI-UOS, BI-DBS, BI-KAB, BI-PSI and BI-TWA.1

https://courses.fit.cvut.cz/BI-EHA/

The course is also part of the following Study plans:
Study Plan | Study Branch/Specialization | Role | Recommended semester
BI-TI.21 | Computer Science 2021 (in Czech) | V | 4
BI-PS.21 | Computer Networks and Internet 2021 (in Czech) | PV | 6
BI-PS.21 | Computer Networks and Internet 2021 (in Czech) | V | 4
BI-WI.21 | Web Engineering 2021 (in Czech) | V | 4
BI-IB.21 | Information Security 2021 (in Czech) | PS | 4
BI-PV.21 | Computer Systems and Virtualization 2021 (in Czech) | V | 4
NI-PB.2020 | Computer Security | V | None
NI-ZI.2020 | Knowledge Engineering | V | None
NI-SPOL.2020 | Unspecified Branch/Specialisation of Study | V | None
NI-TI.2020 | Computer Science | V | None
NI-TI.2023 | Computer Science | V | None
NI-NPVS.2020 | Design and Programming of Embedded Systems | V | None
NI-PSS.2020 | Computer Systems and Networks | V | None
NI-MI.2020 | Managerial Informatics | V | None
NI-SI.2020 | Software Engineering (in Czech) | V | None
NI-SP.2020 | System Programming | V | None
NI-WI.2020 | Web Engineering | V | None
NI-SP.2023 | System Programming | V | None
BI-MI.21 | Business Informatics 2021 (in Czech) | V | 4
BI-SPOL.21 | Unspecified Branch/Specialisation of Study | VO | 4
BI-SI.21 | Software Engineering 2021 (in Czech) | V | 4
BI-UI.21 | Artificial Intelligence 2021 (in Czech) | V | 4
BI-PI.21 | Computer Engineering 2021 (in Czech) | V | 4


Page updated 23. 4. 2024, semester: Z/2024-5, Z,L/2022-3, Z/2019-20, Z,L/2021-2, Z,L/2023-4, L/2019-20, Z,L/2020-1
Design and implementation: J. Novák, I. Halaška