191.124 Fundamentals of Security and Privacy
This course is in all assigned curricula part of the STEOP.
This course is in at least 1 assigned curriculum part of the STEOP.

2023S, VU, 2.0h, 3.0EC


  • Semester hours: 2.0
  • Credits: 3.0
  • Type: VU Lecture and Exercise
  • LectureTube course
  • Format: Presence

Learning outcomes

After successful completion of the course, students are able to:

  • understand the main challenges in modern IT systems in the field of security and privacy
  • explain the fundamental concepts of existing technologies and tools aimed at protecting the security of IT systems and the privacy of users
  • identify simple software vulnerabilities in existing IT systems and application and understand their impact in terms of security and privacy

Subject of course

First part: Cryptography and its applications

  • Fundamentals of symmetric cryptography: basic encryption schemes, product ciphers, stream and block ciphers, the AES algorithm, modes of operation, usage of cryptographic libraries in the programming language Python
  • Fundamentals of asymmetric cryptography: the RSA algorithm, the Diffie-Hellman key exchange protocol, Man-in-the-Middle attacks, implementation and usage of asymmetric encryption schemes in Python
  • One-Way-Hash functions and Message Authentication Codes
  • Digital signatures, certificates and Public-Key-Infrastructures
  • Identification and authentication methods, 2-factor authentication, overview of Single-Sign-On systems deployed on the Internet, authentication methods employed in the most common operating systems, password cracking with the tool John the Ripper 

Second part: Security and Privacy on the Internet

  • Fundamental of networks (IP addresses, ports, protocols), analysis of network traffic with the tool Wireshark
  • Firewall systems
  • E-Mail security and encryption (PGP and S/MIME)
  • Fundamental technologies of the Internet: protocols (HTTP, TLS), languages (HTML, JavaScript) and anatomy of a Web application (with examples in Python)
  • Web attacks: Cross-Site-Scripting (XSS), Cross-Site-Request-Forgery (CSRF), SQL Injections, command injection
  • Technologies for the protection of users’ privacy on the Internet (VPN, TOR)
  • Malware and related defense mechanisms

Teaching methods

The course will be held in presence. During the lectures, which can be followed in place or over a live stream, the topics of the course will be clarified and practical examples and applications will be discussed. Lectures are registered and the recordings will be published in TUWEL in the next 1-2 days. Students must enroll to the course on TISS to obtain access to the TUWEL platform.

Should unpredictable events occur that prevent the offering of lectures in place for a certain period of time, the course will be temporarily switched to Distance Learning. In such a case, lectures will be offered online over Zoom and the recordings will be uploaded after a couple of days on TUWEL. Eventual changes will be notified per e-mail and on the TUWEL forum.

In order to strengthen and put in practice the concepts explained during the lectures, students are required to solve practical assignments including the development of small programs in Python, the usage of the tools presented during the course to carry out some tasks or analyze the source code of small web applications to identify vulnerabilities and exploit them. 

Aside from lectures, we will provide regular meetings (over Zoom) where the students can be supported by tutors and lecturers in developing the solution of their homework and where they can ask questions to the topics presented during the course.

Mode of examination


Additional information

ECTS-Breakdown (3 ECTS: 75 Stunden)

  • 14h: Participation to lectures
  • 40h: Homework
  • 18h: Self-study and preparation to tests
  • 3h: Participation to tests



Course dates

Thu18:00 - 19:0002.03.2023EI 9 Hlawka HS - ETIT Presentation of the course
Thu18:00 - 20:0009.03.2023 - 25.05.2023EI 9 Hlawka HS - ETIT Lecture
Tue18:00 - 20:0021.03.2023EI 9 Hlawka HS - ETIT Lecture
Thu18:00 - 20:0030.03.2023EI 10 Fritz Paschke HS - UIW Lecture
Fundamentals of Security and Privacy - Single appointments
Thu02.03.202318:00 - 19:00EI 9 Hlawka HS - ETIT Presentation of the course
Thu09.03.202318:00 - 20:00EI 9 Hlawka HS - ETIT Lecture
Thu16.03.202318:00 - 20:00EI 9 Hlawka HS - ETIT Lecture
Tue21.03.202318:00 - 20:00EI 9 Hlawka HS - ETIT Lecture
Thu30.03.202318:00 - 20:00EI 10 Fritz Paschke HS - UIW Lecture
Thu27.04.202318:00 - 20:00EI 9 Hlawka HS - ETIT Lecture
Thu04.05.202318:00 - 20:00EI 9 Hlawka HS - ETIT Lecture
Thu11.05.202318:00 - 20:00EI 9 Hlawka HS - ETIT Lecture
Thu25.05.202318:00 - 20:00EI 9 Hlawka HS - ETIT Lecture

Examination modalities

The evaluation is based on the performance obtained by the students in the following parts:

  • Exercise part: up to 50 points
  • 1st test: up to 25 points
  • 2nd test: up to 25 points

The number of points of the exercise part is given by the sum of the scores obtained in the various assignments. Assignments that are not handed in are worth 0 points. 

Two different attempts are offered for each of the two tests: the first one during the semester, the second one before the beginning of the winter semester (mid of September). Tests are scheduled to take place in presence: if this is not possible (e.g., because of a lockdown or restrictions concerning the attendance at the university), tests will take place online over Zoom meetings and a camera (either on the laptop or on an additional device like a smartphone) must be active for the entire duration of the exam.

Tests will consist of multiple-choice questions and open answer questions about the contents of the course and the topics treated in the assignments. For every test, students can take part to both attempts (e.g., to improve their grade), but only the last handed in attempt will be considered.


DayTimeDateRoomMode of examinationApplication timeApplication modeExam
Tue18:00 - 20:0011.06.2024GM 1 Audi. Max.- ARCH-INF written13.05.2024 00:00 - 09.06.2024 23:59TISS2. Test - 1. Termin
Tue18:00 - 20:0017.09.2024EI 9 Hlawka HS - ETIT written01.08.2024 00:00 - 15.09.2024 23:59TISS1. Test - 2. Termin
Thu18:00 - 20:0026.09.2024EI 8 Pötzl HS - QUER written01.08.2024 00:00 - 24.09.2024 23:59TISS2. Test - 2. Termin

Course registration

Begin End Deregistration end
14.02.2023 00:00 16.03.2023 00:00 16.03.2023 00:00

Registration modalities

Please notice that this course is only offered to students of the curriculum Digital Skills (study code 045 006). Registrations of students with different study codes will not be accepted.


The student must have at least all of the course(s) completed listed below:


Study CodeObligationSemesterPrecon.Info
045 006 Digital Skills MandatorySTEOP
Course requires the completion of the introductory and orientation phase


Some of the topics of the course are covered in the following book:
  • Cyber-Sicherheit: Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und Eigenschaften von Cyber-Sicherheitssystemen in der Digitalisierung (in German)
    Taschenbuch – 12. August 2019 von Norbert Pohlmann
    ISBN 978-3-658-25398-1

Previous knowledge

  • Experience in programming with Python acquired by successfully completing the course Fundamentals of programming and algorithms.
  • Knowledge of the SQL language, as taught in the course Foundations of information systems, is an advantage.

Preceding courses

Continuative courses