VVZ API is not affiliated with ETH Zurich. Data might be outdated or incorrect. Please view the official ETHZ Vorlesungsverzeichnis for binding information.

252-0811-00L 8 Credits MSC D-INFK

Applied Security Laboratory

Lecturers & Examiners: Prof. Dr. David Basin, Dr. Christoph Sprenger
The deadline for deregistering expires on 2 October 2026. Students who are still registered after that date, but do not attend the course will oficially fail it
VVZ CR n/a

Last Updated: 2026-06-03 00:07:36

Abstract

Hands-on course on applied aspects of information security. Appliedinformation security, operating system security, OS hardening, computer forensics, web application security, project work, design, implementation, and configuration of security mechanisms, risk analysis, system review.

Objective

The Applied Security Laboratory addresses four major topics: operating system security (hardening, vulnerability scanning, access control, logging), application security with an emphasis on web applications (web server setup, common web exploits, authentication, session handling, code security), computer forensics, and risk analysis and risk management.

Content

This course emphasizes applied aspects of Information Security. The students will study a number of topics in a hands-on fashion and carry out experiments in order to better understand the need for secure implementation and configuration of IT systems and to assess the effectivity and impact of security measures. This part is based on a book and virtual machines that include example applications, questions, and answers. The students will also complete an independent project: based on a set of functional requirements, they will design and implement a prototypical IT system. In addition, they will conduct a thorough security analysis and devise appropriate security measures for their systems. Finally, they will carry out a technical and conceptual review of another system. All project work will be performed in teams and must be properly documented.

Resources

Lecture Notes

The course is based on the book "Applied Information Security - A Hands-on Approach". More information:http://www.infsec.ethz.ch/appliedlabbook

Literature

Recommended reading includes: * Pfleeger, Pfleeger: Security in Computing, Third Edition, Prentice Hall, available online from within ETH * Garfinkel, Schwartz, Spafford: Practical Unix & Internet Security, O'Reilly & Associates. * Various: OWASP Guide to Building Secure Web Applications, available online * Huseby: Innocent Code -- A Security Wake-Up Call for Web Programmers, John Wiley & Sons. * Scambray, Schema: Hacking Exposed Web Applications, McGraw-Hill. * O'Reilly, Loukides: Unix Power Tools, O'Reilly & Associates. * Frisch: Essential System Administration, O'Reilly & Associates. * NIST: Risk Management Guide for Information Technology Systems, available online as PDF * BSI: IT-Grundschutzhandbuch, available online

General Information

Language
English
Levels
MSC
Frequency
Yearly recurring

Examination

Type
ungraded semester performance
The deliverables and their contribution towards the semester performance are:1) an individual lab journal documenting each student’s work with the book (20%) and2) the project deliverables which are handed in as a group (80%).Please note that after that date no deregistration will be accepted and the course will be considered as "fail".

Registration & Places

Max Places
40
Signup End
02.10.2026
Priority: Registration for the course unit is only possible for the primary target group

Course Components

Type Title Time & Place Hours
practical/laboratory course Applied Security Laboratory No time listed 7 h weekly

Offered In