This course is part of the Cairo University Software Engineering Professional Master's Degree program.

| Unit | Main Topics | Key Concepts | Algorithms / Tools | Interactive Material |
|---|---|---|---|---|
| Unit 1 | Introduction to Information Security; Security Threats & Attacks; Security Services (CIA Triad); Security Mechanisms; Network Security Models | Importance of Security (Big Data, Internet Growth); Historical Context (ARPANET); Information Security Definition; Confidentiality, Integrity, Availability (CIA); Security Threats vs. Attacks; Active vs. Passive Attacks (Masquerade, Replay, DoS, Eavesdropping, Traffic Analysis); Security Mechanisms (Encipherment, Access Control, Integrity, Digital Signature, Padding); OSI Security Architecture Overview; General & Network Access Security Models; Security Trinity (Prevention, Detection, Response) | CIA Triad; Attack Classification; Security Models | Quiz 1 |
| Unit 2 | Cryptography Concepts; Symmetric Key Ciphers; Classical Encryption Techniques; Modern Symmetric Block Ciphers | Cryptography Dimensions (Operations, Keys, Processing); Terminology (Plaintext, Ciphertext, Encrypt, Decrypt, Key, Cipher); Symmetric vs. Asymmetric Overview; Cryptanalysis (Goals, Brute-Force); Substitution vs. Transposition; Stream vs. Block Ciphers; Classical Ciphers (Caesar, Monoalphabetic, Polyalphabetic, Playfair, Hill, Rail Fence); Simple Modern Ciphers (XOR); DES (Structure, Features, Weaknesses); SDES (Simplified DES for learning); 3DES (Structure, Keying Options); AES (Structure, Key Sizes, Rounds, Operations: SubBytes, ShiftRows, MixColumns, AddRoundKey) | Caesar Cipher; Playfair Cipher; Hill Cipher; Rail Fence Cipher; XOR Cipher; DES / SDES; 3DES; AES | 1. Quiz 2; 2. Cryptography visualizer; 3. S-DES key generator visualizer |
| Unit 3 | Asymmetric Key Cryptography; Public Key Principles; RSA Algorithm; Diffie-Hellman Key Exchange; Other Asymmetric Systems | Public/Private Key Pairs; Encryption/Decryption Process; Authentication with Asymmetric Keys; Secrecy & Authentication Combined; Applications (Encryption, Digital Signatures, Key Exchange); Requirements for Public Key Crypto; Cryptanalysis (Brute-force, Factoring); Symmetric vs. Asymmetric (Comparison: Speed, Keys, Management, Use Cases); Hybrid Approach (e.g., TLS/SSL, PGP); RSA Algorithm Steps (Key Gen, Encrypt, Decrypt); Euler Totient Function; Diffie-Hellman Steps (Setup, Key Calculation); Primitive Roots, Modulo Arithmetic; ElGamal, ECC (Concepts) | RSA; Diffie-Hellman; ElGamal; ECC | 1. Quiz 3; 2. RSA Visualizer |
| Unit 4 | Message Authentication; Hash Functions; MAC Algorithms; Digital Signatures; SHA Algorithms; Blockchain Hashing | Need for Authentication (Integrity, Sender ID, Replay Prevention); Authentication Functions Overview; Hash Function Definition & Purpose; Properties (One-way, Collision Resistance); Preimage vs. Collision; Hash Applications (Integrity Check, Passwords, MACs, Signatures); Message Authentication Code (MAC) Process; Keyed Hash Function; HMAC vs. CMAC (Concept); Digital Signature Process (Hashing + Asymmetric Encryption); Simple Hash Functions (XOR-based); Security Requirements for Hash Functions; Attacks (Brute-Force, Cryptanalysis, Birthday Attack); Secure Hash Structure (Merkle–Damgård); SHA Family (SHA-1, SHA-2 variants, SHA-3 Keccak/Sponge Construction); Blockchain Basics (Ledger, Blocks, Chaining, Hashes, Immutability); Block Structure (Header, Body, Merkle Root, Nonce); Proof-of-Work vs. Proof-of-Stake | MAC (HMAC, CMAC); Digital Signatures; SHA-1; SHA-2 (256, 512); SHA-3; Merkle Trees; PoW / PoS | Final revision (all chapters) |
| Unit 5 | Secure Software Design (SSDLC); Web Application Security; Firewalls | Secure Software Development Life Cycle (SSDLC) vs. SDLC; Importance of Early Security Integration; Key Principles (Security by Design, Monitoring, Risk Assessment, Training, Collaboration); 7 Secure Design Principles (SaC, Secure Defaults, Least Privilege, SoD, Minimize Attack Surface, Complete Mediation, Fail Securely); Best Practices for Secure Development; Web Security Principles (AuthN, Confidentiality, Integrity, Availability); Common Web Threats (SQL Injection, Cross-Site Scripting - XSS, Broken Authentication); Firewall Purpose & Function; Firewall Types (Packet Filtering, Stateful, Proxy, NGFW); Web Application Firewall (WAF) - Purpose, How it works (Reverse Proxy), Relation to SQLi/XSS protection | SSDLC Methodologies; OWASP Top 10 (Implied); Firewalls (Various Types); WAF | |