Revised 8/2023

ITP 270 - Programming for Cybersecurity (4 CR.)

Course Description

Teaches scripting and software development techniques for automating security tasks such as network monitoring and penetration testing using Python. Additional topics include writing custom tools and the basics of developing software exploits. Lecture 4 hours per week.

General Course Purpose

This course provides students with the knowledge to develop and maintain effective programs/scripts, through demonstrations and hands-on labs. Students will learn to create high-level language scripts and programs using methods, modules, classes, and other pertinent parts of the object-orientated and structured paradigms. Students will learn how to use Python to manipulate data, automate tasks, perform error handling, storing, retrieving and usefulness in a variety in cybersecurity areas. The class will provide hands on exercises to reinforce learning and develop real competency, as students are guided through the process of developing and testing security tools. To conclude the course, students will participate in a capstone project to fortify knowledge and skills gained during the course. This course can be used to satisfy the programming or security elective in the Cybersecurity AAS.

Course Prerequisites/Corequisites

Prerequisite: ITP 100

Course Objectives

Upon successful completion of this course, the student will be able to:

• Design code, test, and implement Python programs using both console and Graphical User Interface (GUI) applications.
• Demonstrate effective knowledge in and use of language syntax, tools, models and idiom.
• Demonstrate mastery of skills necessary to construct software solutions to a variety of security areas.
• Demonstrate use and implementation of commonly used algorithms and data structures as they relate to problems in Cybersecurity.
• Code with fluency in the object-oriented paradigm.
• Identify and explain the libraries available for attack task automation.
• Use the high-level programming language to analyze & debug live applications.
• Explain the ethical and social implications of hacking within the context of cybersecurity.

Major Topics to Be Included

• Python development environment
• Python data types
  • Strings and Numbers
  • Lists, Tuplies, Dictionaries
• Python basic syntax
  • Sequence, Decision making, loops
  • Functions and Modules
• Exception Handling
• Regular Expressions
• Classes and Objects
  • Inheritance
• File I/O and Database Manipulation
• Networking
• GUI Development

Student Learning Outcomes

• Python development environment
  • Review, install, configure, and test (if necessary) the Python 3 interpreters, compiler, PIP3 (the Python package manager), pathing, and other packages/libraries as appropriate.
  • Write functional code stubs using IDLE3, the interactive command interpreter.
• Python data types
  • Strings and Numbers

    (Write code statements that…)

    • initialize and use Python’s Numbers type -- int, long, float, complex – to perform arithmetic, comparison, and assignment operations.
    • initialize strings, and uses to concatenation operator to combine them and the slice operator to extract substrings.
    • use the comparison string comparison operators to test strings for identity and difference.
    • format strings
      • Operators are: %c,%s,%d,%x,%e,%f
    • Use string functions, such as find(), index(), isalnum().
  • Lists, Tuplies, Dictionaries

    (Write code statements that…)

    • create and initialize a list, then store data to its elements; and subsequently manipulate them.
    • create and initialize a tuple. Explain the difference between tuples and lists, and in what cases the read only tuple is preferable.
    • create and initialize a dictionary, then demonstrate its use as a hashtable for storing and retrieving data.
• Python basic syntax
  • Sequence, Decision making, loops

    (Write code statements that…)

    • demonstrate the use of commenting for program clarity, and that use proper line indentation to indicate code block subordination.
    • employ proper quotation -- (‘), double (“), and triple (‘’’ or “””) -- for the appropriate circumstance
    • use the input and output commands -- input(), print() – as well as the command line to insert data into an application as required.
    • use if, if else, construct to alter the flow of control in a program based on a Boolean condition.
    • implement a modular “switch” statement in Python using def and a dictionary.
    • use the immediately proceeding statements in a Suite.
    • See II. a. 1.
    • Operators

      (…use the following operators…)

      • Arithmetic
        • See II. a. 1.
        • Operators are: +, -, *, /, **, %, // (floor division)
      • Comparison
        • See II. a. 1. And II. b. 1.
        • Operators are: ==,!=,<>, <.>,>=,<=
      • Assignment
        • Operators are: =,+=,-=,*=,/+,%=,**=,//=
      • Bitwise
        • Operators are: &, |, ^, ~,<<,>>
      • Logical operators
        • Operators are: and, or, not .
      • Membership
        • in a sequence (string, list, tuple)
        • Operators are: in, not in
      • Identity
        • Operators are: is, is not.
    • Loops
      • use a for loop for iteration
      • use a while loop where initial Boolean state changes
      • Loop control statements
        • Break, continue, pass.
        • Functions and Modules

          (Write code statements that…)

          • define the signature and body of a function taking 0, 1, and 2 parameters of differing types
          • demonstrate calling functions with varying signatures
          • demonstrate passing by reference
          • demonstate variable scope
          • deploy functions in various files and combine them using the import command.
• Exception Handling

  (Write code statements that…)

  • uses the assert command to trap and recover from error conditions.
  • uses a try-except-else and finally block to handle errors.
• Regular Expressions

  (Write code statements that…)

  • use characters, character classes, and control characters to create patterns.
    • Control characters: ( + ? . * ^ $ ( ) [ ] { } | \ )
  • demonstrate the use of matching, searching, and replacing patterns of interest.
• Classes and Objects
  • demonstrate competency in Object Oriented terminology and concepts.

    (Write code statements that…)

  • use OOP mechanics to create classes and instatiatie objects of those classes.
  • use simply inheritance to simplify code.
• File I/O and Database Manipulation

  (Write code statements that…)

  • facilitates opening, reading, writing, and saving text files.
    • Uses exception handling to test opening and saving files
  • uses commands to navigate in code through file system.
  • uses standard database interfaces and basic SQL to create, open, read from, write to (add and update), search for, and delete entries in a simple relational database.
• Networking

  (Write code statements that…)

  • use socket module to create a simple client server communication application.
• GUI Development

  (Write code statements that…)

  • use the Tk GUI toolkit (Tkinter) to develop simple but functional GUI interfaces.

Recommended Demonstration Topics and Projects

• Reconnaissance 
  • Web scraping
  • Query apps, web crawling
• Scanning 
  • Packet sniffing
  • Replacing netcat
  • Bot detection
• Access 
  • HTML form authentication
  • Replacing scapy
  • Keylogging
  • Pythonic Shellcode execution
• Maintaining Access 
  • Windows privilege escalation
  • SSH tunneling
• Covering Tracks 
  • Log file manipulation

In this course, the following VCCS General Education Outcomes are supported:

• Understand and interpret complex materials (#1.1)
• Use problem solving skills (#2.6)
• Determine the nature and extent of the information needed (#4.1)
• Use logical and mathematical reasoning within the context of various disciplines (#6.1)
• Interpret and use mathematical formulas (#6.2)
• Estimate and consider answers to mathematical problems in order to determine reasonableness (#6.5)