VVZ API is not affiliated with ETH Zurich. Data might be outdated or incorrect. Please view the official ETHZ Vorlesungsverzeichnis for binding information.

251-0811-00L 5 Credits DS , MSC D-INFK

You're viewing possible stale or outdated data. Please check the latest semester for more up-to-date information.

Applied Security Laboratory

Lecturers & Examiners: Prof. Dr. David Basin

VVZ CR n/a

Last Updated: 2026-02-05 15:14:32

Abstract

Hands-on course on applied aspects of information security. Appliedinformation security, operating system security, OS hardening, webapplication security, project work, design, implementation, andconfiguration of security mechanisms, risk analysis, system review.

Objective

This course emphasizes applied aspects of Information Security. The students will study a number of topics in a hands-on fashion and carry out experiments in order to better understand the need for secure implementation and configuration of IT systems and to assess the effectivity and impact of security measures.

Content

The students will study a number of topics in a hands-on fashion and carry out experiments in order to better understand the need for secure implementation and configuration of IT systems and to assess the effectivity and impact of security measures. The students will also complete an independent project: based on a set of functional requirements, they will design and implement a prototypical IT system. In addition, they will conduct a thorough security analysis and devise appropriate security measures for their systems. Finally, they will carry out a technical and conceptual review of another system. All project work will be performed in teams and must be properly documented. The Applied Security Laboratory addresses two major topics: Operating system security (hardening, vulnerability scanning, access control, logging) and application security with an emphasis on web applications (web server setup, common web exploits, authentication, session handling, code security).

Resources

Lecture Notes

A script will be provided.

Literature

Recommended reading includes: * Pfleeger, Pfleeger: Security in Computing, Third Edition, Prentice Hall, available online from within ETH * Garfinkel, Schwartz, Spafford: Practical Unix & Internet Security, O'Reilly & Associates. * Various: OWASP Guide to Building Secure Web Applications, available online * Huseby: Innocent Code -- A Security Wake-Up Call for Web Programmers, John Wiley & Sons. * Scambray, Schema: Hacking Exposed Web Applications, McGraw-Hill. * O'Reilly, Loukides: Unix Power Tools, O'Reilly & Associates. * Frisch: Essential System Administration, O'Reilly & Associates. * NIST: Risk Management Guide for Information Technology Systems, available online as PDF * BSI: IT-Grundschutzhandbuch, available online

General Information

Language: English
Levels: DS , MSC
Frequency: Yearly recurring

Examination

Type: end-of-semester examination

Course Components

Type	Title	Time & Place	Hours
lecture with exercise	Applied Security Laboratory Permission from lecturers required for all students.	Thu 15:15-18:00 (RZ F 21)	3 h weekly