Attack and Defense on Cybersecurity III
- Academic unit or major: Major courses
- Instructor(s): Keisuke Tanaka / Mitsuyoshi Sugaya
- Class Format: Lecture/Exercise
- Media-enhanced courses: -
- Day of week/Period (Classrooms):
- Class: -
- Course Code: XCO.T477
- Number of credits: 110
- Course offered: 2025
- Offered quarter: 4Q
- Syllabus updated: May 29, 2025
- Language: Japanese
Syllabus
Course overview and goals
With the advanced use of information and communications technology involving the internet, cybersecurity threats have become increasingly serious. Cyber attacks continue to have a serious impact on society, and the damage caused by the leakage of personal information and intellectual property through cyber attacks is immeasurable. Despite the importance of the cybersecurity field, there is currently a significant shortage of human resources.
In response to these social needs, Tokyo Institute of Technology, the predecessor of Institute of Science Tokyo, launched the Progressive Graduate Minor in Cybersecurity in April 2016. In this minor, students learn the practical aspects of cybersecurity in collaboration with NRI as the core partner, together with Rakuten, NTT, and AIST, and at the same time acquire knowledge of the theoretical background by drawing on the strength in theory that is a distinctive feature of the information and communication research field at Institute of Science Tokyo.
The core of the curriculum consists of the following six courses, offered at the School of Computing.
Foundation of Cybersecurity (1Q, 2-0-0)
Theory of Cryptography for Cybersecurity (3Q, 2-0-0)
Cybersecurity Governance (4Q, 1-1-0)
Attack and Defense on Cybersecurity I (2Q, 1-1-0)
Attack and Defense on Cybersecurity II (2-3Q, 1-1-0)
Attack and Defense on Cybersecurity III (4Q, 1-1-0)
In this course, students will understand attacks on web applications and how to defend against them, and learn the basics of security-conscious system development and network operation. In addition, students will gain basic knowledge and learn simple investigation techniques through hands-on experience with the investigation methods (forensics) used when responding to incidents.
Course description and aims
By the end of this course, students will be able to understand:
1) the topics involved in building secure web applications, and
2) proper forensics and investigation.
Keywords
Web application security, computer forensics
Competencies
- Specialist skills
- Intercultural skills
- Communication skills
- Critical thinking skills
- Practical and/or problem-solving skills
Class flow
The class combines standard lectures with hands-on exercises related to each topic.
Course schedule/Objectives
Class | Course schedule | Objectives |
---|---|---|
Class 1 | Orientation, Internet and Information Security Fundamentals | Understand the notion of information security. |
Class 2 | Input/Output Validation (1) (XSS, SQL Injection, Directory Traversal, OS Command Injection) | Understand the notion of input/output validation. |
Class 3 | Input/Output Validation (2) (XSS, SQL Injection, Directory Traversal, OS Command Injection) | Understand the notion of input/output validation. |
Class 4 | User Authentication (Account Hacking, Brute Force, Password Reminder) | Understand user authentication. |
Class 5 | Session Management (Session Hijacking, Session Fixation) | Understand the notion of session management. |
Class 6 | Access Control (Privilege Escalation, Spoofing) | Understand the notion of access control. |
Class 7 | Web Application Development and Security | Understand the development of web applications. |
Class 8 | Capture the Flag | Understand the notion of information security. |
Class 9 | Computer Forensics Overview | Understand the notion of computer forensics. |
Class 10 | File System Fundamentals (File Structure, Binary Data, File System, FAT, NTFS, Disk Images, Encryption) | Understand file systems. |
Class 11 | Memory Forensics Fundamentals (1) (Memory, Process, Library, Process Management Objects, Memory Images) | Understand the notion of memory forensics. |
Class 12 | Memory Forensics Fundamentals (2) (Memory, Process, Library, Process Management Objects, Memory Images) | Understand the notion of memory forensics. |
Class 13 | Artifact Analysis (MS-Windows), Forensic Tools Fundamentals (Forensic Tools, IOC) | Understand artifact analysis. |
Class 14 | File Carving and Anti-Forensics Fundamentals (Restoring Deleted Files, Restore Functions) | Understand the notion of file carving. |
Study advice (preparation and review)
To enhance effective learning, students are encouraged to spend approximately 100 minutes preparing for class and another 100 minutes reviewing class content afterwards (including assignments) for each class. They should do so by referring to textbooks and other course material.
Textbook(s)
Secure Eggs Series “Forensic” and “Web Application Security” (NRI SecureTechnologies)
Reference books, course materials, etc.
None
Evaluation methods and criteria
Evaluation is based on two exams given as homework assignments during the course. Instructors also give exercises in class.
Related courses
- XCO.T473 : Foundation of Cybersecurity
- XCO.T474 : Theory of Cryptography for Cybersecurity
- XCO.T478 : Cybersecurity Governance
- XCO.T475 : Attack and Defense on Cybersecurity I
- XCO.T476 : Attack and Defense on Cybersecurity II
Prerequisites
Students must have successfully completed Attack and Defense on Cybersecurity I (XCO.T475), or have equivalent knowledge.
A computer will be used in this course. Bring your own PC/Mac to the lecture room.
Contact information (e-mail and phone)
Notice: Please replace "[at]" with "@" (half-width character).
keisuke[at]comp.isct.ac.jp (Contact us via Slack direct message)
Office hours
Appointment by Slack direct message is required.