2025 (Current Year) Faculty Courses School of Computing Major courses
Attack and Defense on Cybersecurity II
- Academic unit or major
- Major courses
- Instructor(s)
- Keisuke Tanaka / Yoshinari Fukumoto / / Yuta Yamate / Masahiro Ishii
- Class Format
- Lecture/Exercise (Face-to-face)
- Media-enhanced courses
- -
- Day of week/Period
(Classrooms) - Intensive
- Class
- -
- Course Code
- XCO.T476
- Number of credits
- 110
- Course offered
- 2025
- Offered quarter
- 2-3Q
- Syllabus updated
- May 29, 2025
- Language
- Japanese
Syllabus
Course overview and goals
With the advanced use of information and communications technology involving the internet, cybersecurity threats have become increasingly serious. Cyber attacks continue to have a serious impact on society, and the damage caused to society by the leakage of personal information and intellectual property due to cyber attacks is immeasurable. Despite the importance of the cybersecurity field, there is currently a significant shortage of human resources.
In response to such social needs, Tokyo Institute of Technology, the predecessor of Institute of Science Tokyo, has launched Progressive Graduate Minor in Cybersecurity in April 2016. In this minor, students will learn the practical aspects of cybersecurity, in collaboration with NRI as core, Rakuten, NTT, and AIST, and at the same time acquire knowledge of the theoretical background by taking advantage of the strengths of the theoretical field, which is a distinctive feature of the information and communication research field at Institute of Science Tokyo.
The curriculum consists of the following six courses as core, offered at School of Computing.
Foundation of Cybersecurity (1Q, 2-0-0)
Theory of Cryptography for Cybersecurity (3Q, 2-0-0)
Cybersecurity Governance (4Q, 1-1-0)
Attack and Defense on Cybersecurity I (2Q, 1-1-0)
Attack and Defense on Cybersecurity II (2-3Q, 1-1-0)
Attack and Defense on Cybersecurity III (4Q, 1-1-0)
This course focuses on web security and digital forensics, the most important elements of cybersecurity. For web security, this course covers vulnerabilities (e.g. SQL injection) and demonstration of offensive techniques in web application. For digital forensics, it covers the importance of artifact analysis and how to apply the techniques to security incident investigation. The students will acquire practical knowledge and skills from an attack and defense perspective in cybersecurity.
Course description and aims
By the end of this course, students will be able to understand:
1) Vulnerabilities, offensive techniques, and countermeasures for web security
2) Fundamentals of digital forensics and artifact analysis approaches
3) The tools used in web security and digital forensics
Keywords
cybersecurity, network, software, programming, web application, digital forensics, artifact
Competencies
- Specialist skills
- Intercultural skills
- Communication skills
- Critical thinking skills
- Practical and/or problem-solving skills
Class flow
The class offers a standard type and a hands-on exercise style of lecture.
Course schedule/Objectives
| Course schedule | Objectives | |
|---|---|---|
| Class 1 | The overview of cybersecurity, and the review of pre-work. | Understand the core concepts of cybersecurity, web security, and digital forensics. |
| Class 2 | Overview of web security | Understand the core concepts of of web security and OWASP Top 10. |
| Class 3 | Hands-on web application vulnerability fundamentals (1) | Understand the core concepts of cross-site scripting vulnerabilities, attack techniques, and countermeasures. |
| Class 4 | Hands-on web application vulnerability fundamentals (2) | Understand the core concepts of SQL injection, attack techniques, and countermeasures. |
| Class 5 | Hands-on web application vulnerability fundamentals (3) | Understand the core concepts of vulnerabilities rel ated to authentication and authorization, attack techniques, and countermeasures. |
| Class 6 | Practical exercise of web security | Understand the vulnerability assessment approach by testing web applications. |
| Class 7 | Introduction of enterprise security | Understand security measures, implementation, and operation in a real world environment. |
| Class 8 | Overview of digital forensics and artifacts | Understand the core concepts of digital forensics and artifacts. |
| Class 9 | Insight and analysis into artifacts (1) | Understand the USN journal, which is an important artifact. |
| Class 10 | Insight and analysis into artifacts (2) | Understand the RDP bitmap cache, which is an important artifact. |
| Class 11 | Insight and analysis into artifacts (3) | Understand the SRUM, which is an important artifact. |
| Class 12 | Practical exercise of digital forensics | Understand the incident i nvestigation approach by analyzing artifacts. |
| Class 13 | Follow-up session (1) | Understand web security or digital forensics by working on tasks. |
| Class 14 | Follow-up session (2) | Understand web security or digital forensics by working on tasks. |
Study advice (preparation and review)
To enhance effective learning, students are encouraged to spend approximately 100 minutes preparing for class and another 100 minutes reviewing class content afterwards (including assignments) for each class.
They should do so by referring to textbooks and other course material.
Textbook(s)
Textbooks will be used in this course.
Reference books, course materials, etc.
References will be announced in classes.
Evaluation methods and criteria
The evaluation consists of the exercises solved in the classes.
Related courses
- XCO.T473 : Foundation of Cybersecurity
- XCO.T474 : Theory of Cryptography for Cybersecurity
- XCO.T478 : Cybersecurity Governance
- XCO.T475 : Attack and Defense on Cybersecurity I
- XCO.T477 : Attack and Defense on Cybersecurity III
Prerequisites
Students must have successfully completed Attack and Defense on Cybersecurity I (XCO.T475), or have equivalent knowledge.
Contact information (e-mail and phone) Notice : Please replace from ”[at]” to ”@”(half-width character).
keisuke[at]comp.isct.ac.jp (Contact us via Slack direct message)
Office hours
Appointment by a Slack direct message is required.