Offensive Cyber Security (5 cr)
Code: MS00CR16-3002
General information
- Enrollment
- 02.12.2024 - 27.01.2025
- Registration for the implementation has ended.
- Timing
- 09.01.2025 - 31.05.2025
- Implementation has ended.
- Number of ECTS credits allocated
- 5 cr
- Local portion
- 5 cr
- Mode of delivery
- Contact learning
- Unit
- ICT
- Campus
- Kupittaa Campus
- Teaching languages
- Finnish
- Seats
- 10 - 36
- Degree programmes
- Master of Business Administration, Cyber Security
- Teachers
- Jani Ekqvist
- Course
- MS00CR16
Realization has 7 reservations. Total duration of reservations is 22 h 45 min.
Time | Topic | Location |
---|---|---|
Mon 27.01.2025 time 09:00 - 12:15 (3 h 15 min) |
Hyökkäävä kyberturvallisuus MS00CR16-3002 |
ICT_C3036
Cyberlab / BYOD
|
Tue 28.01.2025 time 09:00 - 12:15 (3 h 15 min) |
Hyökkäävä kyberturvallisuus MS00CR16-3002 |
ICT_C3036
Cyberlab / BYOD
|
Mon 24.02.2025 time 09:00 - 12:15 (3 h 15 min) |
Hyökkäävä kyberturvallisuus MS00CR16-3002 |
ICT_C3036
Cyberlab / BYOD
|
Tue 25.02.2025 time 09:00 - 12:15 (3 h 15 min) |
Hyökkäävä kyberturvallisuus MS00CR16-3002 |
ICT_C3036
Cyberlab / BYOD
|
Mon 24.03.2025 time 09:00 - 12:15 (3 h 15 min) |
Hyökkäävä kyberturvallisuus MS00CR16-3002 |
ICT_C3036
Cyberlab / BYOD
|
Tue 25.03.2025 time 09:00 - 12:15 (3 h 15 min) |
Hyökkäävä kyberturvallisuus MS00CR16-3002 |
ICT_C3036
Cyberlab / BYOD
|
Tue 22.04.2025 time 09:00 - 12:15 (3 h 15 min) |
Hyökkäävä kyberturvallisuus MS00CR16-3002 |
ICT_C3036
Cyberlab / BYOD
|
Evaluation scale
H-5
Content scheduling
Course begins with introductory lecture. In laboratory exercises student learns to use the tools of trade. Finally, students perform a penetration testing engagement and report the results.
Objective
After completing the course, the student can take an adversarial view of the organization’s own information systems and identify the attack surface. Student is able to find and exploit vulnerabilities in the system using common offensive tools. Student understands the effect the vulnerabilities have to the security of the organization’s information systems and is able to communicate it effectively to all stakeholders.
Content
- Penetration testing methods and processes
- Ethical and legal considerations
- Testing tools and techniques
- Reporting
Materials
We are using the TryHackMe.com training platform in addition to ItsLearning. Licenses for the duration of the course will be provided for the first attempt of the course.
Exam schedules
There is a compulsory exam about the legal aspects.
Completion alternatives
-
Student workload
Lectures 8h
Laboratory assignments 80h
Testing project 45h
Exam 2h
Evaluation methods and criteria
Grade will be determined by laboratory assignments and report.
Laboratory assignments 50%, scale:
90% – 5
80% – 4
70% – 3
60% – 2
50% – 1
Report 50%
Report includes penetration testing two target machines. Report is graded on scale 0-5.
To pass the course, student must obtain a passing grade from laboratory assignments, exam and report.
Failed (0)
Student is unable to perform and report a penetration testing engagement independently.
Assessment criteria, satisfactory (1-2)
Student understands the basics of penetration testing and is able to perform a penetration test against a web application independently. Student can write an understandable and actionable report about the test results.
Assessment criteria, good (3-4)
Student has a good grasp of information security testing methodologies and tools. Student can independently test various types of internet connected applications. Student can write an understandable and actionable report about the test results that contains guidance for both the management and the developers responsible for the application.
Assessment criteria, excellent (5)
Student has knowledge and is able to select the best suited tool and methodology for the engagement. Student can independently test most types of internet connected applications. Student can write a clear, concise and actionable report about the test results that effectively guides management decisions and provides the software developers with detailed guidance on both fixing to found issues and methods for avoiding similar issues in the future.
Further information
All communication will be through ItsLearning