Navigation To modulepage
Display language

International Information Security Contest

12 LP

English

#40933 / #1

Seit SS 2019

Fakultät IV

TEL 16

Institut für Softwaretechnik und Theoretische Informatik

34355100 FG S-Professur Security in Telecommunications

Seifert, Jean-Pierre

No information

jpseifert@sect.tu-berlin.de

POS-Nummer PORD-Nummer Modultitel
2348575 40692 International Information Security Contest

Learning Outcomes

Graduates of this module understand the concepts of common information security threats and exploits. They are able to develop and host server software for various platforms and programming languages. They are quick to comprehend and assess complex and obscure systems and have a hands-on understanding of security vulnerabilities, their impact, and necessary mitigations. On top, graduates of this module know how to teach information security in a playful manner.

Content

Participants explore software security hands-on with the goal to develop and host an international information security contest (¨Attack/Defense CTF”): every contesting team from all over the world receive virtual machines built during the project. The machines run participants’ programs with multiple artisanal security vulnerabilities, each exploitable over the network. To build the contest, participants will dive deep into the security of a platform and language of their choice and create a software project with well-hidden software vulnerabilities in this language. Furthermore, a game server will be developed as a team, including scripts to check the health of services for each contestant. As part of the development and hosting, participants will gain other technical and non-technical abilities, such as source control management, continuous integration, agile development, public relations as well as penetration testing and exploitation. The course gives participants the freedom to explore tools of their choice and build software both independently and in small teams.

Module Components

Pflichtgruppe:

All Courses are mandatory.

Course Name Type Number Cycle Language SWS
International Information Security Contest PJ SS German/English 8

Workload and Credit Points

International Information Security Contest (PJ):

Workload description Multiplier Hours Total
Attendance 15.0 8.0h 120.0h
Pre/post processing 15.0 16.0h 240.0h
360.0h (~12 LP)
The Workload of the module sums up to 360.0 Hours. Therefore the module contains 12 Credits.

Description of Teaching and Learning Methods

Self-study, active development, weekly meetings

Requirements for participation and examination

Desirable prerequisites for participation in the courses:

- Decent skills in a programming language of your choice - Willingness to adapt to new environments and situations - Real interest in information/computer/cyber security

Mandatory requirements for the module test application:

No information

Module completion

Grading:

graded

Type of exam:

Portfolio examination

Language:

German/English

Typ of portfolio examination

100 points in total

Test elements

Name Points Categorie Duration/Extent
(Deliverable Assessment) CTF Execution 20 practical 3 x 3h
(Deliverable Assessment) Development and Teamwork 35 practical 8 x 1h
(Deliverable Assessment) Presentation 15 practical 15 minutes
(Deliverable Assessment) Tests, Security Assessments and Review 30 practical 8 x 1 h

Grading scale

1.01.31.72.02.32.73.03.33.74.0
86.082.078.074.070.066.062.058.054.050.0

Test description (Module completion)

No information

Duration of the Module

This module can be completed in one semester.

Maximum Number of Participants

This module is not limited to a number of students.

Registration Procedures

1. QISPOS (bevorzugt) 2. Prüfungsamt

Recommended reading, Lecture notes

Lecture notes

Availability:  unavailable

Electronical lecture notes

Availability:  unavailable

Literature

Recommended literature
No recommended literature given.

Assigned Degree Programs

This module is used in the following modulelists:

Students of other degrees can participate in this module without capacity testing.

Miscellaneous

No information