CODE: 111104
ACADEMIC YEAR: 2023/2024
CREDITS: 6 CFU, year 1, COMPUTER ENGINEERING 11160 (LM-32) - GENOVA
SCIENTIFIC DISCIPLINARY SECTOR: ING-INF/05
LANGUAGE: English
TEACHING LOCATION: GENOVA
SEMESTER: 2° Semester
TEACHING MATERIALS: AULAWEB

OVERVIEW
The course aims to introduce the main security mechanisms of mobile operating systems and applications and present the core techniques, methodologies and tools for the vulnerability assessment and penetration testing of Android and iOS applications. The course involves both lectures and practical sessions for students.

AIMS AND CONTENT

LEARNING OUTCOMES
The course aims to introduce the main security mechanisms of mobile operating systems and applications and present the core techniques, methodologies and tools for the vulnerability assessment and penetration testing of Android and iOS applications. The course involves both lectures and practical sessions for students.

AIMS AND LEARNING OUTCOMES
Learning Outcomes:
- Acquire the main security mechanisms of mobile operating systems and applications;
- Know the most important vulnerability classes for mobile applications;
- Understand the methodologies and techniques to perform vulnerability assessment and penetration testing activities on mobile applications;
- Perform security assessment activities on Android and iOS applications and prepare security reports.

PREREQUISITES
- Mobile Programming
- Foundations of Cyber Security
- Foundations of object-oriented programming, operating systems, and databases

TEACHING METHODS
Lectures plus individual hands-on sessions during the course.
Working students and students with certified SLD (Specific Learning Disorders), disability or other special educational needs are advised to contact the teacher at the beginning of the course to agree on teaching and examination arrangements, so as to take into account individual learning patterns while respecting the teaching objectives.

SYLLABUS/CONTENT
- Security Model of Mobile OSes (Android, iOS)
- Anatomy of Android and iOS Apps
- Security of Android apps
- Security of iOS Apps
- Vulnerability Assessment (VA) and Penetration Testing (PT) Methodologies
- Reverse Engineering of Mobile Apps
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Lab: VA/PT of Mobile Apps (lab)

RECOMMENDED READING/BIBLIOGRAPHY
The teacher provides slides and exercises (in English) during the course.

TEACHERS AND EXAM BOARD
LUCA VERDERAME
Office hours: You can request a meeting by sending an e-mail to luca.verderame@unige.it

Exam Board
LUCA VERDERAME (President)
ENRICO RUSSO
ALESSANDRO ARMANDO (President Substitute)

LESSONS

LESSONS START
https://corsi.unige.it/en/corsi/11160/studenti-orario

Class schedule
The timetable for this course is available here: Portale EasyAcademy

EXAMS

EXAM DESCRIPTION
Project: execution of a vulnerability assessment and penetration testing activity of a set of applications for Android and iOS to be agreed together with the teacher. At the end of the activity, the student must present a report with a discussion of the activities carried out and the details of the identified vulnerabilities.

ASSESSMENT METHODS
Pitch of the results of the project and oral discussion.
The final evaluation will take into account:
- class attendance;
- the knowledge of the course contents tested with the project;
- the problem-solving skills tested with the project;
- the communication skills tested during the oral presentation.

Exam schedule
Exam date    Time    Location    Degree type    Notes
16/02/2024   09:00   GENOVA                     Exam by appointment
13/09/2024   09:00   GENOVA                     Exam by appointment