This is a bilingual snapshot page saved by the user at 2025-6-24 19:05 for https://courseap2.itc.ntnu.edu.tw/acadmOpenCourse/SyllabusCtrl?year=113&term=2&courseCode=CSC9007&co..., provided with bilingual support by Immersive Translate. Learn how to save?

  113 Academic Year 2nd Semester Course Outline

  @Respect intellectual property rights. Please do not photocopy textbooks at will.
Please respect the intellectual property rights, and shall not copy the textbooks arbitrarily.

  1. Basic Course Information
  Course number 2434   Duration   Dashuo
  Subject Code CSC9007   Course Title   Information security attack and defense drills
  English name Information Security: A Hands-On Approach
  Full/half year   Required/Elective   Elective
  Credits 3.0   Number of teaching hours per week   Course duration: 3 hours
  Course Level   Department of Computer Science and Engineering
  Prerequisites
  Course Description This course aims to combine theory with practice, allowing students to actually experience information security attack and defense on computers, and thus cultivate information security awareness in software development.
  Course Objectives   Core competencies of the corresponding departments
  1. Practice common attack and defense techniques   Bachelor:
  2-1 Have the ability to develop, analyze and integrate information systems
  master:
  2-1 Have the ability to develop, analyze and integrate information systems
  2. Cultivate information security awareness in software development   Bachelor:
  1-1 Have software development capabilities
  1-2 Be able to understand the relationship and operating principles of information system hardware and software
  master:
  1-1 Have software development capabilities
  1-2 Be able to understand the relationship and operating principles of information system hardware and software

  2. Syllabus
  Instructor   Ji Bowen
  Teaching schedule and topics

  Lecture topics (each topic may not be fixed for one week)

1.  Introduction

2.  Set-UID Programs

3.  Environment Variables and Attack

4. Shellshock Attack

5. Buffer Overflow Attack 

6.  Return to libc attack and ROP

7.  Format String Vulnerability

8. CSRF Attack

9.  XSS Attack

10.  SQL Injection Attack

11. Firewall

12. VPN

In addition, if there is an opportunity to integrate micro-courses with external companies or arrange speeches on special topics, the course content will be adjusted according to actual needs.
  Teaching Methods
  Way   illustrate
  Narrative Through storytelling, students are guided to review information systems and introduce related attacks.
  Experiment/Implementation   Actual attack drill.
  Assessment Method
  Way 百分比   illustrate
  Operation 60 % Six homework assignments are expected, each of which accounts for 10 points of the total score. The homework assignments will mainly be practical and hands-on questions.
  Final Exam 30 % The various attack methods introduced in class and the corresponding defense mechanisms are tested mainly in paper-and-pencil tests. The proportion of the final exam and the special topic may be adjusted.
  Featured 10 % It may be handled in the form of CTF or report submission. The proportion of the final exam and the project part may be adjusted.
  bibliography

Wenliang Du. Computer & Internet Security: A Hands-on Approach.

Copyright © 2025 National Taiwan Normal University