Subjects
The course is structured in 8 subjects, together with the internships in a company or the End of Program Project, which complement each other to cover all the essential aspects associated with the following model:
Course list
Please, keep in mind that all the courses are taught in Spanish! (but are English friendly)
General Concepts
RISK ANALYSIS | THREAT INTELLIGENCE | GOVERNANCE
This subject will give a broad overview of cybersecurity main techniques and challenges.
The contents of this course are divided into the following topics:
- Basic principles of security: Objectives, security services and their evolution
- Security threats: Threat agents, vulnerability models in computer systems and security in the use of internet services
- Intelligence applied to cybersecurity: social engineering, the «Deep Web» and «Traffic Director System»
- Identity and Access Management (IDMS): Authentication and its different types (OTP, Kerberos, PKI, Biometrics, etc). Authorization and its use
- Cyberterrorism and incident response
Theoretical ECTS: 1,00
Practical ECTS: 2,00
Fundamentals of Cryptography
SECURE ARCHITECTURE | OPERATIONAL SAFETY
This subject is concern with the theoretical bases of information security, specially the mathematical background.
It contains the following topics:
- Theoretical concepts of cryptography: Encryption algorithms and classification of attacks against them. Entropy and the measurement of computational security
- Fundamentals of authentication and data integrity: Hash functions, password management, modes of operation in symmetric and asymmetric encryption.
- Fundamentals of cryptographic protocols: Basic schemes of the protocols. Your application to key distribution, authentication and proof of knowledge
- Cryptographic Security and OpenSSL
Theoretical ECTS: 1,00
Practical ECTS: 2,00
Operating Systems
SECURE ARCHITECTURE | RISK ANALYSIS | GOVERNANCE
This subject will be the basis for understanding the vulnerabilities of current computing devices.
It contains the following topics:
- Fundamentals of Computer Architecture: Processor and the different sets of instructions, Hierarchy of memory and operating systems
- Implementation of Access Control and Authorization: Most common standards for users and processes. Containers and virtualized systems.
- System hardening techniques: IDS, services, log systems and intrusion detection.
Theoretical ECTS: 1,00
Practical ECTS: 2,00
Network Design
SECURE ARCHITECTURE | OPERATIONAL SAFETY | GOVERNANCE
This subject will be the basis for the design of communications networks with security guarantees.
It contains the following topics:
- Network security model: Model of layers with the corresponding protocols as well as the control of this through filtering, proxies, firewalls, DMZ, etc.
- Secure network topologies: Network vulnerabilities and detection of attack vectors and configuration (stronghold network, “Zero-Trust”, “Cloud computing”)
- Analysis and monitoring: Tools and techniques for capturing, recording activity and detecting traffic patterns.
Theoretical ECTS: 1,00
Practical ECTS: 2,00
Network Attacks
RISK ANALYSIS | OPERATIONAL SAFETY | GOVERNANCE
This subject gives a global vision of the most common attacks, as well as an evolution of them and their classification.
It contains the following topics:
- Classification of IP networks: Public, private, virtual, containers, «cloud»
- Typology of attacks according to their phases: Attacks by interception, MITM, denial of service and direct.
- Security in wireless and virtual private networks: Study of VLAN networks, access point configuration options, use of «Aircrack», the WEP protocol and recommendations for hardening security.
Theoretical ECTS: 1,00
Practical ECTS: 2,00
Software Security
OPERATIONAL SAFETY | GOVERNANCE
This course will focus on software modeling and databases. The course covers all parts of design, analysis and testing, risk management, deployment and maintenance, and security.
It contains the following topics:
- Ethical hacking, auditing and pentesting: Discovering vulnerabilities and analysis, exploitation and escalation of privileges. Specific audits of infrastructures, web applications and mobile applications
- Software Modeling, analysis and testing: Static and Dynamic Analysis, Unit Testing and Continuous Integration and Software Testing
- Database Security: SQL and NoSQL Databases (Columnar, Documentary and graph-based). Technical aspects of disk encryption, data policy and secure data deletion.
Theoretical ECTS: 1,00
Practical ECTS: 2,00
Cryptanalysis and Forensic Analysis
THREAT INTELLIGENCE | GOVERNANCE
In this subject, an overview of the most common techniques for attacking encryption algorithms as well as the recovery of information in computer systems will be made.
It contains the following topics:
- Attacks on classical ciphers: Algorithms based on known text and probability
- Side channel attacks: Attacks based on execution time, power profile, Differential power analysis and attacks based on access to cache memory
- General attacks on encryption: Analysis of differential and linear attacks. Algorithms for factorization and the discrete logarithm.
- Evidence analysis: Forensic analysis tools, audits, evidence collection, management and notification.
Theoretical ECTS: 1,00
Practical ECTS: 2,00
Secure Programming
OPERATIONAL SAFETY | GOVERNANCE
The contents of this subject are focused on the most common vulnerabilities within code in different programming languages as well as a guide to the best practices for programming.
It contains the following topics:
- Structure of compiled language binaries: function calls, memory access, input/output operations, and concurrency
- Web technologies: Client/server architecture, most common languages and security in Web applications through «OWASP TOP 10»
- security oriented languages
- Malicious code: classification (viruses, worms, destructive, stealthy, rootkits, etc.) and detection (antivirus, uses of artificial intelligence, etc.)
Theoretical ECTS: 1,00
Practical ECTS: 2,00
External Internships or End of Program Project
Additionally, the Course is completed with 6 ECTS credits, preferably corresponding to the completion, by students, of internships in private companies on these subjects. If the student decline to do so and prior authorization from the Academic Committee, the student may choose to carry out a Final Program Project, with an equivalent academic effort.
Theoretical ECTS: 0,00
Practical ECTS: 6,00
Professional Expertise in Cybersecurity
Secretaría de la Facultad de Ciencias
Avenida Los Castros s/n. Santander
942 20 14 11/12
expertociber@unican.es