This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

Topics: IT security in practice; user authentication and access control basics; basic memory corruption attacks; secure programing methods and security testing of software; malware and malware detection; browser and web security; mobile and cloud security; network security, firewalls, and IDS systems; introduction to cryptography; cryptographic protocols; privacy protection; risk analysis and economics of security.

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

Topics: IT security in practice; user authentication and access control basics; basic memory corruption attacks; secure programing methods and security testing of software; malware and malware detection; browser and web security; mobile and cloud security; network security, firewalls, and IDS systems; introduction to cryptography; cryptographic protocols; privacy protection; risk analysis and economics of security.

This BSc course introduces problems related to general IT security. It focuses on offensive security to demonstrate the mindset of an attacker. This is good motivational first course for IT security enthusiasts.

Topics: IT security in practice; web security, memory corruption, low level security, reverse engineering, practical cryptography, machine learning, malware

This BProf course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course also gives an introduction to source coding and channel coding.

Topics: IT security in practice; user authentication and access control basics; basic memory corruption attacks; secure programing methods and security testing of software; malware and malware detection; web security; network security, firewalls, and IDS systems; introduction to cryptography; cryptographic protocols; lossless and lossy compression; channel coding.

This course introduces security problems in software development: students will learn the most common mistakes in software development and how attackers exploit those mistakes (offensive security). Then, students get to know how to mitigate attacks and write secure software applications.

Topics: secure software development lifecycle; security testing; web security; secure API design; secure coding in Java & C#; iOS security; Android security; secure coding in C/C++; machine learning in software development

This course introduces problems related to communication security in wired and wireless networks, describes the principles and practical implementations of modern security protocols that address those problems, and sheds light on protocol design issues through the detailed analysis of existing security protocols.

Topics: cryptographic primitives; block encryption modes; message authentication codes; random number generation; key exchange protocols; public key infrastructure; secure communication protocols (TLS, IPsec, WiFi security); secure protocols in resource constrained environments; anonymous communication systems; fair exchange.

The course introduces security problems in computing systems, as well as the principles, practical mechanisms, and tools used to solve them. The term computer is interpreted in a broad sense, and it includes personal computers, servers, mobile devices, and embedded computers. The course covers physical security and OS level security of computers, software security issues at the application level, secure programming, and the problem of malicious software (malware).

Topics: operating systems security; memory corruption attacks and countermeasures; secure programming methods; malware techniques, detection, and analysis; security of mobile platforms; browser security issues; virtualization security; incident response and digital forensics; tamper resistance and physical security.

This course gives a detailed introduction into the security problems of computer networks, and it gives an overview of the possible solutions to those problems. It also covers issues related to secure operation of networks in practice, including modern tools and techniques used to ensure security. Students get theoretical knowledge and practical skills that form the basis of secure network operations, and allow them to assess security risks, understand threats and vulnerabilities, select and integrate appropriate security solutions, and to design new security mechanisms. The course also serves as a basis for obtaining skills in penetration testing and ethical hacking of networks.

Topics: network penetration testing; firewalls; intrusion detection/prevention systems, SIEMs; IPv6 security; network forensics; honeypots; network infrastructure security (e.g., DNSSEC); botnets; web security; spam filtering; detection of DoS attacks; enterprise network security; industrial control network security; privacy on the web

This laboratory extends and deepens the knowledge and skills obtained in the courses of the IT Security minor specialization by solving practical, hands-on exercises in real, or close-to-real environments.

Topics: access control in operating systems; software security (buffer overflow and format string attacks); malware analysis; security testing of network and web based systems; network traffic monitoring with sniffing; firewalls and application level proxies; network forensics; PKI and electronic signatures

This course gives an introduction into the security problems of computer networks, and it gives an overview of the possible solutions to those problems. It also covers issues related to secure operation of networks in practice, including modern tools and techniques used to ensure security. Students get theoretical knowledge and practical skills that form the basis of secure network operations.

Topics: authentication and authorization; firewalls; intrusion detection/prevention systems, SIEMs; virtual private networks; logging; network infrastructure security (e.g., DNSSEC); botnets; web security; spam filtering; detection of DoS attacks; routing security; network penetration testing

This laboratory extends and deepens the knowledge and skills obtained in the Network Security in Practise and Computer Security in Practise courses by solving practical, hands-on exercises in real, or close-to-real environments.

Topics: VLANs; routing; DHCP and NAT; firewalls; virtual private networks; logging; ethical hacking

Information security is as much an economic problem as it is technical. Even given flawless cryptographic protocols and the availability of perfectly secure software, the misaligned economic incentives of different stakeholders in a system often result in a (very) sub-optimal security level. By guiding you through the jungle of asymmetric information, interdependent security, correlated risk and other concepts characteristic for system security, this elective course will enable you to make better decisions in risk management, security investment and policy design on a system level. Furthermore, the course touches upon the economic aspects of data privacy, an emerging area of interest for users and companies in the big data era.

Topics: microeconomics, game theory, incentives, interdependent security, asymmetric information, correlated risk, risk management, security investments, spam, underground economy, information sharing on security breaches, bug bounty, cyber-insurance, (behavioral) economics of privacy, interdependent privacy

This elective course gives an overview of the different areas of Machine Learning security by processing state-of-the-art and cutting-edge research papers in related fields. The course is interactive, where each student presents a selected topic, i.e., it also focuses on developing "soft skills" such as a scientific presentation.

Topics: Membership Inference, Reconstruction Attack, Model Extraction, Machine Unlearning, Poisoning, Adversarial Examples, Evasion, Backdoor, Robustness, Explainability/Interpretability, Fairness, Availability

This course provides a detailed overview of data privacy. It focuses on different privacy problems of web tracking, data sharing, and machine learning, as well as their mitigation techniques. The aim is to give the essential (technical) background knowledge needed to identify and protect personal data. These skills are becoming a must of every data/software engineer and data protection officer dealing with personal and sensitive data, and are also required by the European General Data Protection Regulation.

Topics: Dark Patterns (+ Cognitive Biases), (Web-)Tracking (+ Profiling), GDPR, Cryptography (Homomoprhic Encryption, Secret Sharing, ZeroKnowdloge Proofs, etc.), CryptoCurrencies, TOR, E-Voting, Machine Learning Privacy (Membership Inference, Fairness, etc.), Deanonymization (Relational-, Unstructured-, and Aggregate-data), Anonymization (K-Anonimity, Differential Privacy)

This is an elective lab exercise course where students learn the basics of security operations.

Topics: cyber attacks; security of Linux and Windows; network security; network defense; incident response.

This course gives an introduction to the basics of cryptography, explains how basic building blocks work, and demonstrates how secure systems can be engineered by properly using them. Besides the theoretical background, we use lot of illustrative examples and show practical applications. In addition, besides the technical details, we give an outlook to the legal and business aspects of using cryptography. This course is offered only to students of the Aquincum Institute of Technology, Budapest.

In the past

• Secure Software Development (VIHIAV33)
• Computernetzwerke - in German (VIHIAB01)
• Information Security (VIHIM100 and VIHIM102)
• Security Protocols (VIHIM132)
• Cryptography and its Applications (VIHIM133)
• Foundations of Secure Electronic Commerce (VIHIM219)
• Network Security in Practice (VIHIM327)
• Security labs (VIHIM220 and VIHIM305)
• Economics of Security and Privacy (VIHIAV15)