Teachers and associates
mr. sc. Dražen Pranić, dipl. ing.
Robert Petrunić, struč.spec.ing.comp
The course aims
The aim of the course is to introduce students to the functioning of e-business from the perspective of information security. Students will become familiar with security vulnerabilities and with methods of their exploitation and prevention.
Introduction. The concepts and relations in the field of electronic business. The form and validity of contracts in electronic form. The responsibility of service providers in the information society. Electronic documents. The principles of the use and traffic of electronic documents, storing electronic documents, information broker services, protection of electronic documents. Electronic documents with contents of limited use, certification of equipment for the use of electronic documents with confidential data in public authorities. Penal provisions and rights, obligations and responsibilities of the signatories and certification service providers. Scanning network and PC, enumeration of interesting data from your computer, system hacking, Trojans, sniffers (tools for capturing packets on the network), DoS, social engineering, the decline in the user session, hacking web servers, web application vulnerabilities, web-based services for cracking passwords, SQL injection, viruses and worms, physical security, avoiding IDS, memory buffer overflow (buffer overflow), penetration testing of the system. The protection system.
Handbook - Sigurnost elektroničkog poslovanja, Algebra, group of authors, Zagreb, 2010.
1. CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50. Author: Kimberly Graves
2. Microsoft Forefront Threat Management Gateway (TMG) Administrator's Companion. Authors: Jim Harrison, Yuri Diogenes, Mohit Saxena. Microsoft Press
3. Zakon o elektroničkoj trgovini, Zakon o elektroničkoj ispravi, Zakon o elektroničkom potpisu
4. Peter G Smith: Linux Network Security, Charles River Media 2005.
Minimum learning outcomes
- To describe the steps and methods of the implementation of information system security check.
- To define methods of enumeration and elevation of privilege such as buffer overflow and security methods.
- To apply basic user password attack methods.
- To describe network traffic browsing methods and their security.
- To explain attack and web application security methods: XSS, SQL Injection, CSRF.
Preferred learning outcomes
- To apply the steps and methods of the implementation of information system security check.
- To explain the methods of enumeration and elevation of privilege such as buffer overflow and security methods.
- To differentiate the efficiency of particular user password attack methods.
- To apply data security and confidentiality security methods on a network level.
- To apply web application security methods and to correctly write input functions.