The course is about cyber security. The course will have equal parts theoretical and practical elements.
The topic will be divided in the following topics:
Management / Organization
Under this topic we will look at how security is governed in organisations, and specifically at how to manage a secure software development process:
• It-Security management system: Like ISO 27001, OWASP SAMM etc.
• Secure software development lifecycle(s): Putting the Sec in DevSecOps
• OWASP Security by design
• Privacy by design
• GDPR
Software
Under software we will get more practical. We will do a lot of crypto engineering since cryptography is a basis for cyber security. Here we will…:
• Look at secure coding best practices
• Implement end-to-end security like:
o Password manager
o Private secure messaging
o Etc.
• Build a blockchain
Penetration testing
Under this part of the elective, we will look at how systems get breached. To understand this will help you evaluate the systems you develop. If you know how to break it, you know how to protect it– is the idea. Here we will play around with some hacker tools and test them out on some targets. This topic will include:
• Kali Linux
• Some vulnerable virtual machines
• Hopefully a few surprises
The organization part and the software part will be taught at the same time, whereas the hacker part will be taught independently as a final element.
This plan is a work in progress, and it might be changed before the elective begins.