Navigation To modulepage
Display language

IT Security Lab: Vulnerability Assessment

6 LP


#40520 / #2

SS 2017 - WS 2018/19

Fakultät IV

EN 6

Institut für Softwaretechnik und Theoretische Informatik

34355100 FG S-Professur Security in Telecommunications

Heiß, Hans-Ulrich

No information

POS-Nummer PORD-Nummer Modultitel
62840 27634 IT Security Lab: Vulnerability Assessment

Learning Outcomes

Students who have successfully finished the course will be able to select the right approach and tools to analyze unknown software for security problems. They will be able to assess the significance of their findings and to explain it to a non-expert. The course is principally designed to impart: technical skills 50%, method skills 40%, system skills 0%, social skills 10%.


Manual and semi-automated code reviews of server software, web applications, and client software. Fixing problems with low impact on the existing system and its usability as well as documenting the findings in advisories.

Module Components


All Courses are mandatory.

Course Name Type Number Cycle Language SWS
IT-Security Lab: Vulnerability Assessment PR 0432 L 554 SS No information 4

Workload and Credit Points

IT-Security Lab: Vulnerability Assessment (PR):

Workload description Multiplier Hours Total
Practical cases 1.0 90.0h 90.0h
Preparation for and participation in a security contest 1.0 30.0h 30.0h
Preparing a talk 1.0 30.0h 30.0h
Presence 15.0 2.0h 30.0h
180.0h(~6 LP)
The Workload of the module sums up to 180.0 Hours. Therefore the module contains 6 Credits.

Description of Teaching and Learning Methods

The main teaching method of this module is problem based learning. In order to get to know the tools and best practices, a series of interactive lectures is given. There will be small hands-on exercises to get familiar with the topics taught. To get practical experience, the participants will then work on multiple complex cases. The exercises are concluded with a general discussion on the results of the exercise, but also on the strategies employed by the participants. Additionally, each student will give a talk on recent developments in the security area. The learned skills will be applied in an international security contest during the semester (if no contest is organized during a given semester, this part will be substituted by a local exercise with a similar setting).

Requirements for participation and examination

Desirable prerequisites for participation in the courses:

Programming skills in at least one of the following languages: C, PHP, shell script and experience operating a Linux system are required. Knowledge of a basic/undergrad security lecture is recommended.

Mandatory requirements for the module test application:

No information

Module completion



Type of exam:

Portfolio examination



Typ of portfolio examination

100 points in total

Test elements

Name Points Categorie Duration/Extent
4 kleine Programmieraufgaben 36 practical 6 Stunden
Programmieraufgabe (große Semesteraufgabe) 32 practical 10 Stunden
Referat 32 oral 20 Minuten

Grading scale

Test description (Module completion)

Insgesamt können 100 Portfoliopunkte erreicht werden: • ein Referat (32 Portfoliopunkte), • Programmieraufgabe (große Semesteraufgabe, 32 Portfoliopunkte), • 4 Programmieraufgaben (kleine Aufgaben, je 9 Portfoliopunkte), Die Gesamtnote gemäß § 47 (2) AllgStuPO wird nach dem Notenschlüssel 2 der Fakultät IV ermittelt.

Duration of the Module

This module can be completed in one semester.

Maximum Number of Participants

This module is not limited to a number of students.

Registration Procedures


Recommended reading, Lecture notes

Lecture notes

Availability:  unavailable

Electronical lecture notes

Availability:  available
Additional information:


Recommended literature
No recommended literature given.

Assigned Degree Programs

Zur Zeit wird die Datenstruktur umgestellt. Aus technischen Gründen wird die Verwendung des Moduls während des Umstellungsprozesses in zwei Listen angezeigt.

This module is used in the following modulelists:

Students of other degrees can participate in this module without capacity testing.

This module is used in the following Degree Programs (new System):

    Students of other degrees can participate in this module without capacity testing.


    The module is offered every year.