The standard programme consists of the courses marked with *** and **. Cultural & Socio-economic Introduction to Belgium (marked with ***) is mandatory. The other courses, marked with **, can only be replaced by elective courses from the Bachelor in Cyber Security or Bachelor in Applied Computer Science - major Cyber Security, with approval after a screening of the desired prerequisites. In case of doubt, an online interview will be organised.In our experience, the elective courses are quite difficult for some exchange students, and we want to make sure you have the required prior knowledge. Mind that you are responsible for selecting the right courses at your level. No intake interview is needed if you apply for the standard programme.Back to English Taught Semester Applied Computer ScienceApplied Computer Science I (autumn) course overviewCourse unit descriptions for this programme (course catalogue) Courses Cultural & socio-economic introduction to Belgium (3ECTS) *** You will learn about Belgian and Flemish culture (history, architecture, literature, music, ...), political structure and socio-economic data, all in comparison to the socioeconomic data of your home country. This course includes a survival course Dutch, a cultural and historical walk through Bruges, and if possible, also a visit to the Parlamentarium and the European Parliament in Brussels and an additional visit specifically linked to the English-taught semester you follow.History of Flanders & BelgiumPolitical system in Belgium & EuropeBelgian EconomyHealth & Wellfare system in BelgiumCrash course Dutch International Project (3ECTS) ** Participation in the international project held at Howest. The project is multi-disciplinary and the topic of the last years has been Smart Car Race.During one week, normally held the end of March, you will work together with students of other universities. Our mission is to build a car with IoT hardware and to control it with your mind. As a minimum, a robot will drive forward/stop with your mind while a LED shows the status. At the end of the week we organise a race to decide which car was the best in control and which had the most original design.There is a participation cost of +/- 140 EUR is, which includes the sessions, labs, lunches, socio-cultural activities and farewell dinner. Web Backend (3ECTS) ** Advanced HTMLAdvanced JavaScript techniquesServer-side scriptingCascading Style SheetsThe use of git for creating and submitting delivered work is inextricably linked to this course. Capture the Flag (3ECTS) ** Capture the Flag is a guided exercise in which students search in groups for "flags" that have been deliberately hidden in code and environments.The following flags belong to the categories:- Forensics- Networking- Cryptography- Web Exploitation- Reverse engineering- Binary exploitationThe emphasis in this module is on web exploitation but also contains some networking flags.The output of the project is a report in which the student describes the search. Web Pentesting Fundamentals (3ECTS) ** Web Pentesting based on the OWASP top 10.FingerprintingXSSSQLi... Scripting and Code Analysis (6ECTS) ** This course aims at two objectives: learning to script sufficiently from the perspective of a cybersecurity professional and being able to analyze existing application code using automated tools (includinginterpretation).The content is:- Scripting basics and libraries for network and OS (Python and best practices)- Static code analysis (SAST, DAST): setup, configuration, interpretation- Programming with AI and interpretation- Building a network scanner- Scripting for the web and interaction with API's- DevSecOps Computer Networks (6ECTS) ** Introduction (terminology, types of computer networks, network components etc.)Usage of a NOS (network operating system)Network models and protocolsNetwork access (wired vs wireless)EthernetNetwork layerTransport layerIP addressing and subnettingApplication layerNetwork securityStatic routingVLANNAT Linux for Ethical Hackers (6ECTS) ** Content for this course includes:- Command line principles- Working with files and directories- Archiving and compression- Managing packages and processes- Network Services configuration- Manage users and groups- Ownership and permissions (including sudo)- Special permissions, links & file locations- Basic bash scripting- Scheduling- loggingNIST CSF 1.1 categoriesProtect- PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policyLearning pathsLinux- Special permissions (setgid, setuid) [1.1 Linux]- Account management (password file, shadow file, sudo) [1.1 Linux]- Ssh (public key authentication, port forwarding, agent) [1.1 Linux]- TMUX [1.1 Linux]- Other shells [1.1 Linux]- Package management [1.1 Linux]- Archiving and compression, rsync [1.1 Linux]- Hard and soft links [1.1 Linux]-Mount, dd, [1.1 Linux]- Network config: interfaces, iproute2, networkmanager, systemd-networkd, [1.1 Linux]- Systemd services [1.1 Linux]- Logging [1.1 Linux]- Scheduling [1.1 Linux]- Basic bash scripting [1.1 Linux]- Working with text files, file system hierarchy, find [1.1 Linux]- ntp client [1.1 Linux]- tools [1.1 Linux]- Distros: Kali, Debian [1.1 Linux]CyBOK 1.1 knowledge areas- isolation [4.5 Operating Systems and Virtualization Security]- mediation [4.5 Operating Systems and Virtualization Security]- design choices [4.5 Operating Systems and Virtualization Security]- security domains [4.5 Operating Systems and Virtualization Security]ENISA CSF skills and knowledge- Operating systems security Web Security and Honeypot (6ECTS) Setting up secure Web Environments with HTTPS, WAF and authentication in different types of webservers (Apache, NGINX,...)Next to the web environment we'll set up a logging environment to monitor the activity.In the second part of the course we'll set up a Honeypot in a group project Datacenter Virtualisation and Cloud Security (6ECTS) Elements coveredDifferent storage architecturesVarious storage techniques for flexibility and redundancyMultiple methods for server virtualizationContainers Cyberops (6ECTS) Elements covered:LinuxDifferent Linux distros and shellsNetwork configuration / firewalling (eg iptables, ...)Authentication (eg NSS, PAM, ... )Other security techniques (eg SELinux, ...)...WindowsWindows ServerAuditing and Logging (eg audit GPOs, ...)Update management (eg WSUS, ...)Security (eg Bitlocker, ...)...Mixed Linux/Windows environments (eg Powershell on Linux, Linux in AD, ...) Data Privacy and IT Law (3ECTS) ** Study of the most important legal points of interest:Intellectual PropertyElectronic commerceLaw of obligations & in detail IT contractsProof and electronic signatureOpen source softwarePrivacy and data processingCamera legislationComputer crime law Risk Management, Threat Modelling and Security Policy (3ECTS) Requirements and risk managementSystem modelSecurity objectivesRisk assessmentThreats: attacker modelAttack patterns: CAPEC, MAEC, ...Threat modeling: STRIDE-LM, LINDDUN, DREAD, ...Threat intelligence: Pyramid of pain, Lockheed Martin Kill chain, Diamond, ATT&CK (incl ICS), CAR, CAPEC, CWE, CVE, OWASP, ...Mitigations: Defense modelSecurity controlsSecurity and data protection by designIncident responseCompliance and governanceFrameworks: ISO 27K, COBIT, COBIT Risk, COBIT Information Security, NIST SP 800.53, NIST CSF, CMMI, CIS, PCI DSS, ...Legal: GDPR, LED, NIS, EIDAS, E-privacy, EU cybersecurity act, PSD2, PNR, ...Security organisation and conclusionsCase studyThreat identification (information security and data protection)Threat risk assessmentControls Cultural & socio-economic introduction to Belgium International Project Web Backend Capture the Flag Web Pentesting Fundamentals Scripting and Code Analysis Computer Networks Linux for Ethical Hackers Web Security and Honeypot Datacenter Virtualisation and Cloud Security Cyberops Data Privacy and IT Law Security Management, Threat and Risk Assessment