Course syllabus adopted 2026-02-12 by Head of Programme (or corresponding).
Overview
- Swedish name: Etisk hackning och penetrationstestning
- Code: DAT370
- Credits: 7.5 Credits
- Owner: MPCSC
- Education cycle: Second-cycle
- Main field of study: Computer Science and Engineering, Software Engineering
- Department: COMPUTER SCIENCE AND ENGINEERING
- Grading: TH - Pass with distinction (5), Pass with credit (4), Pass (3), Fail
Course round 1
- Teaching language: English
- Application code: 42130
- Maximum participants: 100 (at least 10% of the seats are reserved for exchange students)
- Open for exchange students: Yes
Credit distribution
| Module | Sp1 | Sp2 | Sp3 | Sp4 | Summer | Not Sp | Examination dates |
|---|---|---|---|---|---|---|---|
| 0126 Project 7.5 c Grading: TH | 7.5 c |
In programmes
- MPCSC - Computer Systems and Cybersecurity, Year 1 (compulsory elective)
- MPCSC - Computer Systems and Cybersecurity, Year 2 (elective)
Examiner
Information missing
Eligibility
General entry requirements for Master's level (second cycle)
Applicants enrolled in a programme at Chalmers where the course is included in the study programme are exempted from fulfilling the requirements.
Specific entry requirements
English 6 (or by other approved means with the equivalent proficiency level)
Applicants enrolled in a programme at Chalmers where the course is included in the study programme are exempted from fulfilling the requirements.
Course specific prerequisites
The entry requirement for the course is to have successfully completed:
- at least 7.5 hec in programming.
- one of the courses Computer Security (7.5 hec) or Cyber Security (7.5 hec), or equivalent.
- at least 7.5 hec in computer networks.
- in addition to the above, 7.5 hec in the second cycle within cybersecurity or equivalent, for example, Network Security or Cryptography.
The course is a joint course together with the University of Gothenburg. Students need access to a PC with Internet access to perform some of the mandatory assignments.
To succeed in this course, students should have prior knowledge of the inner workings of the protocols TCP, UDP, IP and HTTP. They should also have some knowledge of ethics applied to computer science or cybersecurity, computer security, network security and cryptography, security metrics, risk analysis, operating system security and common attacks.
Ethical hackers need a good base of knowledge to be able to succeed in their tasks. Consequently, and although not mandatory for entry, prior knowledge of various areas significantly increases the chances of succeeding in the course. These areas are: computer architectures (assembly, and the programmer's model of a processor), networks (various protocols, and knowledge of navigating RFCs), operating systems (how to use the operating system shell, how processes are executed and run, and how the OS system call interface works), network security (TLS, IDS, port scanning, and firewalls), cryptography (different primitives and their usage to guarantee security properties), and language-based security (how compiler hardening techniques work).
Aim
In this course you will learn, through a simulated security engagement, how to reason about cybersecurity, how attackers view systems, how to report security issues you find, and, more importantly, how to think about the sustainability, legal and ethical consequences of your cybersecurity-related activities. The course will be complemented with various guest lectures, so you can also see how different actors in the cybersecurity world view and reason about system security.
This course is suitable for students wanting to deepen their knowledge and understanding of cybersecurity by learning how to identify vulnerabilities in computer systems and how to successfully report and fix them.
Learning outcomes (after completion of the course the student should be able to)
Knowledge and understanding
- Independently locate adequate resources to further develop their own knowledge of ethical hacking, penetration testing, and offensive security.
- Explain, based on current practices, the importance of risk, impact, and likelihood when communicating and modeling cybersecurity issues.
- Describe in detail the different stages of a penetration test and which tools and procedures can be useful in each of them.
- Present an overview of the laws, regulations, policies and ethical implications related to ethical hacking and cybersecurity.
- Distinguish and describe in outline the different principles and techniques used by cybercriminals to gain access to IT systems.
Skills and abilities
- Professionally perform security assessments in an ethical and legal way.
- Identify, find, and adequately use the appropriate tools for offensive security tasks.
- Comprehensively report the results of a security engagement, both in writing and orally, in an understandable way using a risk-based approach.
Judgement ability and approach
- Critically assess the ethical and societal implications of cybersecurity operations, including the implications from the perspective of the United Nations Sustainable Development Goals.
- Methodically prioritize vulnerability assessment tasks in time-constrained settings using risk, impact and likelihood.
- Systematically evaluate vulnerability impact using industry standards.
- Recommend, with clear support from current best practices, the most appropriate course of action to strengthen IT security in IT systems.
Content
As computer systems become increasingly critical for society, understanding how attackers think and work when attacking them is crucial to being able to protect such a critical asset. Consequently, this course aims to provide the necessary foundations for students to be able to perform offensive security analysis in an ethical and legal way and successfully report their findings so they can be fixed.
To do so, the course will teach students how to perform the different stages of a common vulnerability assessment assignment, including a final report.
Furthermore, to ensure students make appropriate use of the acquired knowledge, the course also focuses on making students understand the legal, societal and ethical implications of their cybersecurity operations.
Finally, to ensure the knowledge acquired by the students remains relevant, the course aims to teach students how to expand their knowledge to approach offensive cybersecurity assignments in areas in which they lack experience and expertise.
Organisation
The course consists of a series of pre-recorded lectures, guest lectures, seminars, laboratory exercises, and a final report.
- The pre-recorded lectures serve as an aid for students lacking certain knowledge to perform their tasks.
- The guest lectures aim at providing an external perspective into the procedures and realities of ethical hacking. After the lecture, optional assignments may be provided.
- The seminars are compulsory and go deeper into ethics, legal context, and other areas for which the project might not be appropriate. Some may also include compulsory assignments.
- The project makes the students perform the different stages of a normal security engagement.
- A compulsory final report may be required at the end of the course.
The course is given in English; Swedish will be used sparingly with agreement from all the students participating in the activity.
Literature
No specific book is used as a course book. The material consists of papers and various electronic resources.
Examination including compulsory elements
The course will be assessed through the following components:
- Completion of assignments after the guest lectures and seminars related to their contents.
- Participation in the mandatory seminars. This may be replaced by an alternative assignment if deemed adequate by the examiner.
- Completion of the project stages by the pre-established deadlines and presentation of results at the mandatory seminars established to that end.
- Contents and insights from the final report and the prior peer review process.
- Extra credit can be achieved from additional course-related tasks deemed appropriate by the examiner.
The grade for the entire course will be determined by the project.
The course examiner may assess individual students in other ways than what is stated above if there are special reasons for doing so, for example if a student has a decision from Chalmers about disability study support.