Applied Computer Science (autumn & spring)

Minimum 2 successfully completed semesters or an equivalent of 60 ECTS in a Bachelor programme in the domain of Computer Sciences. For the Spring Semester you should have some preknowledge about computer hardware, be familiar with building blocks of programming languages and know the fundamentals of web (html, css and javascript).

If you want to take electives, an intake interview is mandatory to check your preknowledge.

Click here for Howest language expectations.

All students should bring their own laptop, with the following minimum requirements: 16GB RAM memory, SSD hard disk, i5 processor with VTX and a 64-bit architecture. More details can be found on www.howest.be/laptops

The link of each course in the course overview below mentions any specific software necessary for the course unit. Howest applies a very strict policy on the use of legal software.

You will learn about Belgian and Flemish culture (history, architecture, literature, music, ...), political structure and socio-economic data, all in comparison to the socioeconomic data of your home country. This course includes a survival course Dutch, a cultural and historical walk through Bruges, and if possible, also a visit to the Parlamentarium and the European Parliament in Brussels and an additional visit specifically linked to the English-taught semester you follow.

- History of Flanders & Belgium
- Political system in Belgium & Europe
- Belgian Economy
- Health & Wellfare system in Belgium
- Crash course Dutch

The student completes a project by a given non-technical briefing as a group assignment with other students.

This course is all about the hardware of the computer, the operating system on the computer and working with IT software from a point of view of a poweruser to execute different kind of tasks. The power user has administrator or root privileges on the OS and has only that pc.

Hardware:
- Introduction to number systems, computer parts, bios, troubleshooting, ...
- Different types of computers
- Electronic components and logic functions in a circuit

OS:
- Introduction to operating systems and virtualisation
- Basic administration- and automatisation tasks in Windows & Linux
- Use the systemtasks in the CLI & GUI

Cybersecurity Introduction and Overview
Cybersecurity Concepts
Security Architecture Principles
Security of Networks, Systems, Applications and Data
Incident Response
Security Implications and Adoption of Evolving Technology
Guest Speakers about cybersecurity subjects

Control structures: sequencing, selection and iteration
Variables and data types
Algorithms and data structures: 1 and 2 dimensional lists
Functions: arguments, parameters and return values, complexity
Software Design: decomposition, divide and conquer
Algorithms and data structures: binary and linear search in a list
Testing: make use of unit testing
Basic version control

Creating web applications using HTML, CSS and JavaScript

PART 1: HTML & CSS
Developing websites with semantic and valid HTML5
A plethora of tags, such as the semantic containers, lists, navigation elements, forms, tables and many others are taught in order to translate text to a logical HTML structure.
Modern CSS techniques that will effortlessly translate into responsible design, most notably by deep knowledge of box model. All CSS properties required to design and develop a contemporary web application
Leveraging CSS selectors (novice, intermediate and advanced) for efficient coding
Flex

Integrating automated tools to validate the end result and emphasising code quality

PART 2: JavaScript

Scripting for web applications following the latest ECMA script standards

Application of:

• variables and scope
• if, switch, while, for
• Functions And Arrays
• Objects and JSON
• DOM selection
• Event handling ( binding, this )
• Higher order functions
• Handling user input
• Local / session storage
• Arrow functions
• Timers and intervals
  in practice, simulated in real world cases.
  
  
  GENERAL (apples to all course components):
  Code is developed with cross browser & cross device equivalent behaviour in mind.
  Code quality is a large part of the course. Several best practices as well as "Don't"s will be handled by means of examples.

Working with git is an integral part of this course, for completing exercises and handing in assignments

Introduction: database, database system, relational database system, SQL

SQL: read, insert, update and delete data

Making a relational data model using normalization

SQL: implementation of the relational data model

• Review of algebra and precalculus
• Set theory and logic
• Logarithms, functions and graphs
• Introduction to cryptography (modular arithmetic)
• Affine cipher, hash functions and RSA
• Techniques from linear algebra
• Introduction to codes and linear codes

Artificial Intelligence

Introduction to AI and AI Solutions to support the business processes.

Digital Economy

History Digital Economy / Overview IT Landscape / IT Business models / Job market: IT profiles / Cryptocurrencies (blockchain) & Fintech / Current topics

Digital Business & Process Management

Definition Process thinking & company structures / Introduction to business software: ERP, CRM, WMS, ... / Most important business processes in a business are discussed: Finance, Purchase, CRM & Sales, Production, HR, Project management, Business Intelligence, ...

Cases for each process are executed in Odoo (open source ERP)

General Operating Systems Concepts

- Introduction to different operating systems
- Process Management & Scheduling
- Memory management
- Network Management
- User management
- File manager
- Functionality management (Packages/Features)
- OS-level Virtualization (with intro Docker)
- ...

Conceptual differences between Unix/Linux & Windows

- Computer history
- Examples and implementation of the various general concepts
- Introduction to the Linux/Unix philosophy
- Introduction to Windows server (Active Directory) concepts
- ...

You create the appropriate documents using the correct methodology for the analysis of a company request or need. Design of an information model for data based on the application and structure of data. Designs of the technical interfaces and communication channels for communication between a technical person an an IT system or between IT systems and components.

Web Pentesting Advanced continues where Web Pentesting Fundamentals has stopped and expands into a wider field of topics.

Object oriented programming: SOLID
Secure Development (Oracle's Secure Coding Standards)
High-quality development: design patterns and unit testing
Software architectures: 3-layered model, multi-layered model, client-server

Java-application with GUI
Java-application with persistency (file and database)
Java-application with sockets communication (network)

Capita selecta of advanced topics.

Statistics

- Descriptive statistics
- Probability
- Probability distributions

Data Mining / Machine Learning

- Regression
- Classification
- Clustering

Working with different types webservers (Apache, NGINX, IIS)
Setup of a webserver: request & response model
HTTPS
Authentication
Use of modern server side scripting technologies
Security aspects of a webserver
Security aspects of a modern web application
Advanced web techniques
Security OWASP top 10

SAN / NAS
Windows storage management
Server Virtualisation (ESXi)
Hyper-V
KVM
Datacenter Deployment

Linux
Different Linux distros and shells
Network configuration / firewalling (eg iptables, ...)
Authentication (eg NSS, PAM, ... )
Other security techniques (eg SELinux, ...)
Windows
Windows Server
Auditing and Logging (eg audit GPOs, ...)
Update management (eg WSUS, ...)
Security (eg Bitlocker, ...)
Mixed Linux/Windows environments (eg Powershell on Linux, Linux in AD, ...)

Knowledge of possible security problems (incl. data privacy) related to an IT solution or system in an organisation will be indetified.

- actors, stakeholders and external systems that will integrate with the to-be developed IT system.
- exceptional situations (necessity of a monitoring system) of an IT-solution/system.
- necessary IT components and solutions in an IT system.

IT component

- adaptive design
- installation / configuration

Requirements and risk management
System model
Security objectives
Risk assessment
Threats: attacker model
Attack patterns: CAPEC, MAEC, ...
Threat modeling: STRIDE-LM, LINDDUN, DREAD, ...
Threat intelligence: Pyramid of pain, Lockheed Martin Kill chain, Diamond, ATT&CK (incl ICS), CAR, CAPEC, CWE, CVE, OWASP, ...
Mitigations: Defense model
Security controls
Security and data protection by design
Incident response
Compliance and governance
Frameworks: ISO 27K, COBIT, COBIT Risk, COBIT Information Security, NIST SP 800.53, NIST CSF, CMMI, CIS, PCI DSS, ...
Legal: GDPR, LED, NIS, EIDAS, E-privacy, EU cybersecurity act, PSD2, PNR, ...
Security organisation and conclusions
Case study
Threat identification (information security and data protection)
Threat risk assessment
Controls

Cryptography algorithms
Theory: Galois, prime numbers, Fermat, Euclidean
Symmetric block ciphers : Feistel, DES , AES , ...
Symmetric ciphers mode of operation: ECB, CBC, CFB, OFB, XTS-AES, GCM, CCM, KW
Hashing: SHA2, SHA3, perceptual hashing, ...
Random numbers: TRNG, PRNG, ANSI X 9.17
Stream ciphers: RC4, others, ...
Asymmetric cyphers : RSA , Diffie-Helman , El-Gamal, ECC , ...
Data integrity algorithms : Hash functions , MAC , DSA, ECDSA, RSA-PSS, ...
Mutual trust : Distribution of keys , X.509, PKI , ...

Applying crypto
Cryptography protocols
Cryptography applications: files, messages, databases, disks, e-id
Achieving privacy in a distributed network
Use of crypto in bitcoin and blockchain
Modern crypto / blockchain / distributed: secret sharing, secure multiparty, post quantum, homomorphic, attribute based / identity based encryption, electronic voting, light-weight crypto, zero-knowledge proof, oblivious RAM, blockchain
Differential privacy and other privacy preserving methods: PPDM, PPDP, PPML, federated learning

Cryptanalysis
Crypto libraries
Crypto guidelines

Using Python modules to apply these concepts

In this course, we’ll look at a number of innovative and emergent subjects within the security domain:

1. Industrial security

Introduction to industrial control systems
Introduction to PLC programming
Industrial fieldbus protocols
Security and auditing techniques for industrial installations

2. Cyber artificial intelligence

The history of AI
Basic concepts
Practical methods
Applications in intrusion detection

3. Software Defined Radio

Introduction to radio communication
Analog data radio communication
Digital data radio communication

4. Near-Field Communication (NFC)

Introduction to NFC
Security risks of NFC

You will learn about Belgian and Flemish culture (history, architecture, literature, music, ...), political structure and socio-economic data, all in comparison to the socioeconomic data of your home country. This course includes a survival course Dutch, a cultural and historical walk through Bruges, and if possible, also a visit to the Parlamentarium and the European Parliament in Brussels and an additional visit specifically linked to the English-taught semester you follow.

- History of Flanders & Belgium
- Political system in Belgium & Europe
- Belgian Economy
- Health & Wellfare system in Belgium
- Crash course Dutch

Participation to the international project held at Howest. The project is multi disciplinairy and the topic is in the domain of business and IT.

Classes and Objects
Objects and Equality
Objects and order
Algorithms and data structures: Collections
Software Design: turn a text into an OO design and an OO program
Polymorphism, inheritance and interfaces
Exception handling
Testing: write and use unit testing
Algorithms and data structures: trees, traversal and search
Basic version control

• Advanced JavaScript techniques
• Server-side scripting
• Cascading Style Sheets

Web Pentesting based on the OWASP top 10.

- Fingerprinting
- XSS
- SQLi
- ...

The student is able to produce a software solution concept based on a minimal non-technical briefing. The student is expected to conduct both functional as well as non-functional analysis.

This entails:

• Flow charts
• Use cases, use case diagrammes and their companion user stories and example mapping
• High level software modelling by application of context, deployables and component diagrammes
• Producing clickable wireframes
• Ethical design in software solutions, based on given philosophies

- Introduction (terminology, types of computer networks, network components etc.)

- Usage of a NOS (network operating system)
- Network models and protocols
- Network access (wired vs wireless)
- Ethernet
- Network layer
- Transport layer
- IP addressing and subnetting
- Application layer
- Network security
- Static routing
- VLAN
- NAT

Windows Server Lab
- Installation and configuration of a (virtual) Windows network (domain model)
- Querying, entry, adapting and removing Active Directory information using a GUI & Windows PowerShell cmdlets
- Installation, configuration en usage of server roles on a server in a domain model (file server, DHCP server, DNS server, web server...)
- Users and Group maintenance in a domain model
- Setting up share- & NTFS-permissions on shared folders
- Configuring users and computers through Group Policies
- Introduction and exploration of the Microsoft Azure platform
- Scripts

Linux Server Lab
- Command line principles
- Working with files & directories
- Archiving and compression
- Pipes & redirection
- Managing packages & processen
- Network Services configuration (incl. SSH, DHCP & DNS)
- Managing users and groups
- Ownership & permissions (including sudo)
- Special permissions, links & file locations
- Scripts
- Network Booting (PXE)

• Reconnaissance
• Scanning
• Enumeration
• System Hacking
• Sniffers
• Password Auditing
• Hacking Wireless Networks
• Pivoting
• Post Exploitation

• The forensic process
• Hard Drives - hardware details
• Volumes analysis
• File systems
• Application level forensics
• Windows registry forensics
• Data Recovery
• Secure data-removal
• Data Hiding, steganography
• Anti-Forensic tools

.NET Ecosystem
C# Fundamentals and OO
Libraries

• creating
• consuming

LinQ
Entity Framework
Web Application

• viewmodels
• forms and taghelpers
• sessions
• master/view sections

Security

• identity
• OAuth

• Computerhardware & Operating Systems Recap
• Basic Static
• Basic Dynamic
• Advanced Static
• Advanced Dynamic
• Malware Overview
• Reverse Engineering
• Exploit Development

Study of the most important legal points of interest
- Intellectual Property
- Electronic commerce
- Law of obligations & in detail IT contracts
- Proof and electronic signature
- Open source software
- Privacy and data processing
- Camera legislation
- Computer crime law

The course covers the following topics:

• General law in Belgium
• Judicial organisation
• Police forces in Belgium
• Criminal law and criminal proceedings
• International computer crime
• Relevant legislation
  • Cybercrime law
  • Law of the electronic economy
  • E-privacy Directive
  • KSZ
  • Cybersquatting
• Typical forms of cybercrime
  • Cyberbullying
  • Child pornography
  • Internet fraud

Securing and pentesting of mobile (web) applications.
Android: (adb, root, inspect apk's, ...)
General: Code obfuscation, Malware, ...