Seminar 4
Applied Information Security, Hands-on!
Thursday, July 5 (09:00h) – Friday, July 6, 2012 (17:00h)
Lecturers: David Basin and Patrick Schaller
In this seminar, participants carry out hands-on experiments in information security. The experiments illustrate common security problems and pitfalls in modern operating systems, networks, and web applications, and how to avoid or fix them. Participants are first introduced to each problem, then carry out the corresponding exploits and work through different countermeasures. In this way they gain a detailed understanding of how vulnerabilities arise in practice, together with hands-on experience in countering them.
All experiments are carried out on Linux systems, running within a virtualized networked environment. The environment runs within VirtualBox, an open source virtualization platform available for most commonly used operating systems, such as Windows, Mac OS X, and Linux. Seminar participants are expected to bring a laptop on which VirtualBox can be installed and to use their laptop for the experiments using the virtual machines provided.
VirtualBox
- Introduction to Virtualization and VirtualBox
- Installation of Virtual Machines on Participants' Laptops
Network Security
- Remote Access and Procedure Calls: TCP/IP, Servers, and Daemons
- Port and Vulnerability Scanners
- Network Sniffers
- Firewalls and TCP Wrappers
Intrusion Detection
- Basic Techniques
- Integrity Checks: Finding Rootkits
Authentication and Access Control
- Securing Remote Access
- Controlling Access to Data and Programs
- Administration using Shell Scripts and their Pitfalls
Logging and Log Analysis
- Log Mechanisms, Remote Logging
- Authenticity of Log Entries, Tamper-proof Logging
- Log Analysis
Web Application Security
- Application Profiling: Gathering Information about Website Configurations
- Vulnerabilities and Attack Techniques: SQL Injection, Cross-Site Scripting, Remote Command Execution, Remote File Upload, Cookie Stealing, Privilege Escalation to Root, etc.
- User Authentication and Session Management
- Using SSL for Secure Web Server Access
- Identifying and Testing Potential Weaknesses: White and Blackbox Approaches
Certificates and Public Key Cryptography using Apache
- Basic Concepts
- Creating Public and Private Keys
- Creating and Revoking Certificates
- Running a Certificate Authority
- Certificate-based Client Authentication
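The items above form one workflow, which the hands-on session carries out with Apache. The following Go program is an added example, not part of the seminar material, that runs the same workflow end to end using only Go's standard crypto/x509 package (choosing Go over the OpenSSL command line is an assumption made so that the example runs without external tools): it creates the CA's key pair and self-signed certificate, issues a server certificate and two client certificates, revokes one client certificate by publishing a CRL signed by the CA, and then performs the checks a server doing certificate-based client authentication must perform. All names (Seminar Root CA, www.example.test, alice, bob, mallory) are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// PKI is what the small CA in this example produces. Every name in it is constructed.
type PKI struct {
	CA, Server, Alice, Bob, Mallory *x509.Certificate // Bob is revoked; Mallory is self-signed, never CA-issued
	CRL                             *x509.RevocationList
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	return k
}

// sign issues tmpl under parent with priv, the parent's key; parent == tmpl yields a self-signed certificate.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, priv *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

func leaf(serial int64, cn string, now time.Time, eku x509.ExtKeyUsage) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: now, NotAfter: now.Add(90 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{eku}}
}

// BuildPKI plays the CA: self-sign a root, issue a server and two client certificates, revoke Bob's via a CRL.
func BuildPKI(now time.Time) *PKI {
	caKey := mustKey()
	root := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Seminar Root CA"},
		NotBefore: now, NotAfter: now.Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, // without these no verifier accepts it as an issuer
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	ca := sign(root, root, &caKey.PublicKey, caKey)
	srv := leaf(2, "www.example.test", now, x509.ExtKeyUsageServerAuth)
	srv.DNSNames = []string{"www.example.test"} // hostname matching uses the SAN, not the CN
	server := sign(srv, ca, &mustKey().PublicKey, caKey) // each end entity has its own key pair
	alice := sign(leaf(3, "alice", now, x509.ExtKeyUsageClientAuth), ca, &mustKey().PublicKey, caKey)
	bob := sign(leaf(4, "bob", now, x509.ExtKeyUsageClientAuth), ca, &mustKey().PublicKey, caKey)
	mKey, rogue := mustKey(), leaf(5, "mallory", now, x509.ExtKeyUsageClientAuth)
	mallory := sign(rogue, rogue, &mKey.PublicKey, mKey) // Mallory vouches only for herself
	crlDER, err := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: bob.SerialNumber, RevocationTime: now}},
	}, ca, caKey)
	check(err)
	crl, err := x509.ParseRevocationList(crlDER) // the relying party only ever sees the DER-encoded, signed CRL
	check(err)
	return &PKI{CA: ca, Server: server, Alice: alice, Bob: bob, Mallory: mallory, CRL: crl}
}

// VerifyPeer is the relying party: chain the presented certificate to the trusted CA for the intended
// usage (and hostname, for servers), then demand a CA-signed, unexpired CRL that does not list it.
func VerifyPeer(p *PKI, cert *x509.Certificate, usage x509.ExtKeyUsage, dnsName string, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(p.CA)
	opts := x509.VerifyOptions{Roots: roots, DNSName: dnsName, KeyUsages: []x509.ExtKeyUsage{usage}, CurrentTime: now}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	if err := p.CRL.CheckSignatureFrom(p.CA); err != nil { // a CRL the CA did not sign proves nothing
		return fmt.Errorf("crl signature: %w", err)
	}
	if now.After(p.CRL.NextUpdate) { // a stale CRL may be hiding a revocation: fail closed
		return fmt.Errorf("crl: stale since %s", p.CRL.NextUpdate.Format(time.RFC3339))
	}
	for _, r := range p.CRL.RevokedCertificates {
		if r.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return fmt.Errorf("revoked: %s (serial %s)", cert.Subject.CommonName, cert.SerialNumber)
		}
	}
	return nil
}

func main() {
	now := time.Now()
	p := BuildPKI(now)
	fmt.Println("bob:", VerifyPeer(p, p.Bob, x509.ExtKeyUsageClientAuth, "", now))
}
```

In Apache terms, the trust anchor handed to VerifyPeer is what SSLCACertificateFile supplies, the CRL is SSLCARevocationFile (enabled with SSLCARevocationCheck in Apache 2.4), and SSLVerifyClient require makes the check mandatory, so a client without a certificate chaining to that CA, or with a revoked one, never reaches the application. The verifier here deliberately fails closed on a stale or unsigned CRL rather than falling back to "not revoked"; that is the author's design choice for the example, not a claim about Apache's defaults.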
NOTE: Participants must bring their own notebook computer to the seminar.
Seminar format
The seminar takes place at the Courtyard Zurich North and begins on Thursday at 9 AM. The sessions are interactive; participants can decide on demand which topics should be treated in more depth. There are coffee breaks in the morning and afternoon, and the lecturers are also available for discussions on all related topics. The lectures and all course material are in English.
The seminar is held in collaboration with the Department of Computer Science, ETH Zurich.