Cybersecurity and Ethical Hacking Bootcamp


Date:

  • Session 1: 17 July – 4 August 2022
  • Session 2: 7 August – 25 August 2022
Time: 11:00 a.m. - 5:00 p.m.
Location: On-Campus
Fees: 4000 SAR


The strategic initiative of KSA’s Vision 2030 has Cybersecurity as one of its leading topics. This will require a workforce to support the information technology infrastructure in the Kingdom. Currently, there is a lack of local professionals in this field. Furthermore, there is a great interest among citizens to learn about it and get involved in Cybersecurity at all levels.


Program Overview
This comprehensive and practical 3-week bootcamp introduces participants to the common and important security problems of today’s digital and computing world. The bootcamp has two parts:


  • Part I explores the fundamentals of cybersecurity, such as the concepts of threats, vulnerabilities, cyber wars, cyberterrorism, security ethics, governance, and law, and discusses in detail the basics of risk assessment, which is the heart of professional information security. Fundamentals are essential to developing a security mindset, in which students learn to think like an attacker looking for ways to exploit a system. Using this newly developed mindset, students will be able to explore and analyze incidents through the security lens of a professional.
  • Part II of the bootcamp goes deep into penetration testing. Penetration testing is the process in which qualified security experts (also known as penetration testers or ethical hackers) evaluate software for security problems. The purpose of such a test is to address any security flaws in the software so that they aren't easily exploited (or misused) by the hacker community.

During web application penetration testing, the software being evaluated is a web application kept on a remote server that users may access via the internet. Because web applications are obvious targets for hackers, web application developers must conduct regular penetration testing to ensure that their web applications are free of security flaws and malware threats.


Program Objectives
At the end of the workshop, participants will have a better understanding of modern cybersecurity threats, of how to avoid several “dangerous” habits and uses of today’s business IT infrastructure, and of how to avoid becoming victims of fraud or attacks on the internet. Finally, participants will get hands-on experience, through real examples, in evaluating the security of web applications on the Internet and performing penetration testing.


Target Audience
This workshop is an excellent opportunity for high-school students who want to gain some basic knowledge of cybersecurity. They will learn how to effectively maintain their own security online and at work. They will learn good practices, and what to avoid or be careful about when using today’s computers. The target group is young people interested in learning information security, with some theoretical background or basic IT knowledge and/or experience, without necessarily a strong IT background. Advanced users will also find some solid techniques and practices very useful.


Program Outline
The workshop is delivered through lectures, class discussions, individual and group case studies, practical use of software and network tools, and assessment. The topics to be covered include the following:


  • Security fundamentals
  • Security governance
  • Risk assessment
  • Security professionalism and ethics
  • Security awareness and training
  • Penetration testing
  • Accumulating information about a website
  • Identifying relations using social networking
  • Automated spidering of web applications
  • Cracking the login credentials SQL injection
  • Stealing Cookies
  • Cross-Site Scripting (XSS) Attack

Note: Examples and Exercises will use virtualized environments that will not endanger individual property and will not cause any harm.


Prerequisites

  • Be able to read and write business English
  • Be familiar with today’s basic ICT infrastructure (browse the internet, send emails, create/open/work on a document, etc.)
  • Programming skills are not essential.
  • Participants are strongly encouraged to bring their own laptop during classes. If they cannot do that, classes will be conducted in a computer lab.

Learning objectives:

  • Learning the fundamentals of cybersecurity
  • Understanding Security governance
  • Understanding and applying security risk assessment and management
  • Learning the basics of security professionalism and ethics
  • Security awareness and training
  • Web Applications Penetration Test
  • Accumulating information about a website
  • Identifying relations using social networking
  • Automated spidering of web applications
  • Cracking the login credentials SQL injection
  • Stealing Cookies
  • Cross-Site Scripting (XSS)

Tools and Technical requirements

  1. Excel
  2. Kali Linux
  3. OWASP Broken Web Applications (BWA)

Instructors
1. Daniyal Alghazzawi is a Professor of Cybersecurity at the Computing Information Systems Department and the head of the Information Security Research Group at King Abdulaziz University. He graduated with a Ph.D. in computer science from the University of Kansas in 2007. He served in a variety of administrative and leadership roles and was awarded the Leadership Management International Certificate (LMI). In 2010, he was appointed Honorary Lecturer at the University of Essex. Daniyal has organized both domestic and international seminars and conferences. In the disciplines of smart e-learning, cybersecurity, and artificial intelligence, he is the author of multiple scholarly papers and patents. He has also served as a reviewer and editor for a number of local and international conferences, journals, workshops, and contests. Daniyal has worked as a consultant for a number of companies, assisting them in developing information security policies and obtaining certifications such as ABET, ISO27001, ISO22301, and others.

Department of Information Systems, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah (dghazzawi@kau.edu.sa), https://dghazzawi.kau.edu.sa

2. Suaad Alarifi is an Assistant Professor of Cybersecurity at the Computing Information Systems Department, King Abdulaziz University. She graduated with a Ph.D. in information security from the University of London, Royal Holloway college in 2015. She holds a Bachelor's Degree in Computer Science from King Abdulaziz University and a Master's Degree in Information Security from the University of London. Suaad has provided consulting and training services in the field for different government and private organizations. She is also an external member of the Institutional Biosafety and Bioethics Committee (IBEC) at KAUST.

Department of Information Systems, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah (salarifi@kau.edu.sa), https://salarifi.kau.edu.sa/

Security Aid Toolbox
Participants will take home a Security Aid Box. The Aid Box is a collection of several checklists, forms, graphs, printed material, etc., along with several software tools. This Aid Box will be used extensively during the bootcamp to give participants enough practice during the practical sessions.

Summary
This workshop is an excellent opportunity for everyday IT users to gain detailed and concrete knowledge of good cybersecurity practices and to understand basic notions about various attacks, such as viruses and worms, and basic countermeasures, network attacks, penetration testing, and risk assessment.



Copyright © 2022 Alfaisal University. All Rights Reserved