Security and Testing in Information Technology
Welcome to the Security and Testing in Information Technology (SPTI) course. This course combines theoretical foundations with hands-on labs to develop real-world competencies in offensive and defensive cybersecurity.
Your professional profile
As an information security professional, you will be responsible for identifying vulnerabilities, assessing risks, executing security tests, and communicating findings professionally. This course prepares you to think like an attacker and defend like an engineer.
Course content
Block 1: Foundations and reconnaissance
| Topic | Description |
|---|---|
| 00. Introduction to Cybersecurity | Fundamental concepts, CIA triad, importance of cybersecurity |
| 01. OSINT | Open source intelligence: techniques, tools, and ethics |
| 02. Linux | Terminal mastery, filesystem, permissions, and basic scripting |
| 03. Report Creation | Professional technical documentation of security findings |
| 04. Threat Modeling | Threat modeling with STRIDE, DREAD, and data flow diagrams |
Block 2: Analysis and exploitation
| Topic | Description |
|---|---|
| 05. Reverse Engineering | Static and dynamic binary analysis, disassemblers and debuggers |
| 06. Cryptography | Symmetric and asymmetric encryption, hashes, and practical applications |
| 07. Malware Analysis | Static and dynamic malware analysis, indicators of compromise |
| 08. Source Code Vulnerability Management | Detecting code vulnerabilities with SAST and manual review |
Block 3: Offensive security
| Topic | Description |
|---|---|
| 09. Ethical Hacking | Pentesting methodology: reconnaissance, exploitation, post-exploitation |
| 10. Buffer Overflow | Buffer overflow, memory manipulation, and shellcode |
| 11. Network Analysis | Network traffic capture and analysis, malicious pattern detection |
| 12. Security Architecture | Secure architecture, firewalls, segmentation, and access control |
Block 4: Defense and operations
| Topic | Description |
|---|---|
| 13. Digital Forensics | Evidence preservation, forensic image and memory analysis |
| 14. Web Application Security | OWASP Top 10, XSS, SQLi, CSRF, and web analysis tools |
| 15. Automation | Security task automation with Bash and Python |
| 16. DevSecOps | Security in CI/CD pipelines, code and container analysis |
Additional resources
Methodology
This course uses hands-on lab-based learning. Each topic combines theory and practice so you can apply concepts immediately. Throughout the semester:
- Identify threats and vulnerabilities — Reconnaissance and intelligence techniques
- Analyze systems and code — Reverse engineering, malware analysis, code review
- Execute security tests — Pentesting, controlled exploitation, network analysis
- Defend infrastructure — Secure architecture, digital forensics, automation
Navigation
Topics are designed to be followed sequentially. Each one builds on the previous ones. Internal links [[like this]] take you to related pages.
Instructor: Daniel Vela Methodology: Hands-on labs with offensive and defensive focus