Skip to main content

The standard programme consists of the courses marked with *** and **.

Cultural & Socio-economic Introduction to Belgium (marked with ***) is mandatory. The other courses, marked with **, can only be replaced by elective courses from the Bachelor in Cyber Security or Bachelor in Applied Computer Science - major Cyber Security, with approval after a screening of the desired prerequisites. In case of doubt, an online interview will be organised.

In our experience, the elective courses are quite difficult for some exchange students, and we want to make sure you have the required prior knowledge. Mind that you are responsible for selecting the right courses at your level. No intake interview is needed if you apply for the standard programme.

Course unit descriptions for this programme (course catalogue)


Cultural & socio-economic introduction to Belgium (3ECTS) ***

You will learn about Belgian and Flemish culture (history, architecture, literature, music, ...), political structure and socio-economic data, all in comparison to the socioeconomic data of your home country. This course includes a survival course Dutch, a cultural and historical walk through Bruges, and if possible, also a visit to the Parlamentarium and the European Parliament in Brussels and an additional visit specifically linked to the English-taught semester you follow.

  • History of Flanders & Belgium
  • Political system in Belgium & Europe
  • Belgian Economy
  • Health & Wellfare system in Belgium
  • Crash course Dutch

International Project (6ECTS) **

Participation in the international project held at Howest. The project is multi-disciplinary and the topic of the last years has been Smart Car Race.

During one week, normally held the end of March, you will work together with students of other universities. Our mission is to build a car with IoT hardware and to control it with your mind. As a minimum, a robot will drive forward/stop with your mind while a LED shows the status. At the end of the week we organise a race to decide which car was the best in control and which had the most original design.

There is a participation cost of +/- 140 EUR is, which includes the sessions, labs, lunches, socio-cultural activities and farewell dinner.

Web Backend (3ECTS) **

  • Advanced HTML
  • Advanced JavaScript techniques
  • Server-side scripting
  • Cascading Style Sheets

The use of git for creating and submitting delivered work is inextricably linked to this course.

Capture the Flag (3ECTS) **

Capture the Flag is a guided exercise in which students search in groups for "flags" that have been deliberately hidden in code and environments.

The following flags belong to the categories:
- Forensics
- Networking
- Cryptography
- Web Exploitation
- Reverse engineering
- Binary exploitation

The emphasis in this module is on web exploitation but also contains some networking flags.
The output of the project is a report in which the student describes the search.

Web Pentesting Fundamentals (3ECTS) **

Web Pentesting based on the OWASP top 10.

  • Fingerprinting
  • XSS
  • SQLi
  • ...

Scripting and Code Analysis (6ECTS) **

This course aims at two objectives: learning to script sufficiently from the perspective of a cybersecurity professional and being able to analyze existing application code using automated tools (including

The content is:
- Scripting basics and libraries for network and OS (Python and best practices)
- Static code analysis (SAST, DAST): setup, configuration, interpretation
- Programming with AI and interpretation
- Building a network scanner
- Scripting for the web and interaction with API's
- DevSecOps

Computer Networks (6ECTS) **

  • Introduction (terminology, types of computer networks, network components etc.)
  • Usage of a NOS (network operating system)
  • Network models and protocols
  • Network access (wired vs wireless)
  • Ethernet
  • Network layer
  • Transport layer
  • IP addressing and subnetting
  • Application layer
  • Network security
  • Static routing
  • VLAN
  • NAT

Linux for Ethical Hackers (6ECTS) **

Content for this course includes:

- Command line principles
- Working with files and directories
- Archiving and compression
- Managing packages and processes
- Network Services configuration
- Manage users and groups
- Ownership and permissions (including sudo)
- Special permissions, links & file locations
- Basic bash scripting
- Scheduling
- logging

NIST CSF 1.1 categories

- PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy

Learning paths

- Special permissions (setgid, setuid) [1.1 Linux]
- Account management (password file, shadow file, sudo) [1.1 Linux]
- Ssh (public key authentication, port forwarding, agent) [1.1 Linux]
- TMUX [1.1 Linux]
- Other shells [1.1 Linux]
- Package management [1.1 Linux]
- Archiving and compression, rsync [1.1 Linux]
- Hard and soft links [1.1 Linux]
-Mount, dd, [1.1 Linux]
- Network config: interfaces, iproute2, networkmanager, systemd-networkd, [1.1 Linux]
- Systemd services [1.1 Linux]
- Logging [1.1 Linux]
- Scheduling [1.1 Linux]
- Basic bash scripting [1.1 Linux]
- Working with text files, file system hierarchy, find [1.1 Linux]
- ntp client [1.1 Linux]
- tools [1.1 Linux]
- Distros: Kali, Debian [1.1 Linux]

CyBOK 1.1 knowledge areas
- isolation [4.5 Operating Systems and Virtualization Security]
- mediation [4.5 Operating Systems and Virtualization Security]
- design choices [4.5 Operating Systems and Virtualization Security]
- security domains [4.5 Operating Systems and Virtualization Security]

ENISA CSF skills and knowledge
- Operating systems security

Data Privacy and IT Law (3ECTS) **

Study of the most important legal points of interest:

  • Intellectual Property
  • Electronic commerce
  • Law of obligations & in detail IT contracts
  • Proof and electronic signature
  • Open source software
  • Privacy and data processing
  • Camera legislation
  • Computer crime law

Server System Management (6ECTS)

  • Windows Server Lab
    • Installation and configuration of a (virtual) Windows network (domain model)
    • Querying, entry, adapting and removing Active Directory information using a GUI & Windows PowerShell cmdlets
    • Installation, configuration en usage of server roles on a server in a domain model (file server, DHCP server, DNS server, web server...)
    • Users and Group maintenance in a domain model
    • Setting up share- & NTFS-permissions on shared folders
    • Configuring users and computers through Group Policies
    • Introduction and exploration of the Microsoft Azure platform
    • Scripts
  • Linux Server Lab
    • Command line principles
    • Working with files & directories
    • Archiving and compression
    • Pipes & redirection
    • Managing packages & processen
    • Network Services configuration (incl. SSH, DHCP & DNS)
    • Managing users and groups
    • Ownership & permissions (including sudo)
    • Special permissions, links & file locations
    • Scripts
    • Network Booting (PXE)

Forensic Analysis (3ECTS)

  • The forensic process
  • Hard Drives - hardware details
  • Volumes analysis
  • File systems
  • Application level forensics
  • Windows registry forensics
  • Data Recovery
  • Secure data-removal
  • Data Hiding, steganography
  • Anti-Forensic tools

.NET Technology Fundamentals (3ECTS)

  • .NET Ecosystem
  • C# Fundamentals and OO
  • Libraries
    • creating
    • consuming
  • LinQ
  • Entity Framework
  • Web Application
    • viewmodels
    • forms and taghelpers
    • sessions
    • master/view sections
  • Security
    • identity
    • OAuth

Web Pentesting Advanced (3ECTS)

Web Pentesting Advanced continues where Web Pentesting Fundamentals has stopped and expands into a wider field of topics.

Security Management, Threat and Risk Assessment (3ECTS)

  • Requirements and risk management
    • System model
    • Security objectives
    • Risk assessment
  • Threats: attacker model
    • Attack patterns: CAPEC, MAEC, ...
    • Threat modeling: STRIDE-LM, LINDDUN, DREAD, ...
    • Threat intelligence: Pyramid of pain, Lockheed Martin Kill chain, Diamond, ATT&CK (incl ICS), CAR, CAPEC, CWE, CVE, OWASP, ...
  • Mitigations: Defense model
    • Security controls
    • Security and data protection by design
    • Incident response
  • Compliance and governance
    • Frameworks: ISO 27K, COBIT, COBIT Risk, COBIT Information Security, NIST SP 800.53, NIST CSF, CMMI, CIS, PCI DSS, ...
    • Legal: GDPR, LED, NIS, EIDAS, E-privacy, EU cybersecurity act, PSD2, PNR, ...
    • Security organisation and conclusions
  • Case study
  • Threat identification (information security and data protection)
  • Threat risk assessment
  • Controls