After successful completion of the course, students are able to search for information security shortcomings and vulnerabilities in complex IT systems, to document their findings and to rate the severity of the documented issues.
Similarly to a bug bounty program, students will be tasked with identifying and reporting security vulnerabilities in TU Wien's IT systems. Participants will gain hands-on experience in security testing, including web application security, network security, and software security. The course will provide insights into standard tools and techniques for identifying and exploiting security vulnerabilities, and into documenting and reporting findings. Additional topics will include legal and ethical aspects of security testing, responsible disclosure, mitigation of security vulnerabilities, standard metrics for rating the severity of security issues (CVEs), and the adoption of bug bounty programs in the industry.
The course will offer a combination of 1-2 in-person lectures and online learning materials. The in-person lectures will introduce the course, rules, scope, and ethical aspects of the program. Furthermore, academic and industry experts will share their experiences and insights on vulnerability assessment and bug bounty programs. The evaluation will be based on the students' reports on their findings and the methodology employed.
Inspired by the bug bounty program of Stanford University.
Please see the e-learning course for the details and rules.
ECTS-Breakdown:
Description                     ECTS   Hours
---------------------------------------------
Preparation                     0.04     1.0
Lecture                         0.16     4.0
Practical Project Work          2.52    63.0
Preparation of Seminar Paper    0.28     7.0
---------------------------------------------
Total                           3.00    75.0
Based on participation in the course and the final report + presentation.
General interest in IT security.