Chat with us, powered by LiveChat

Penetration Testing

This subject is available under ICMS undergraduate degrees, please click the button below to find an undergraduate course for you.

Subject Code:

CYB304A

Subject Type:

Specialisation 

Credit Points:

3 credit points 

Pre-requisite/Co-requisite: 

ICT103A Programming Principles 

CYB201A Network Security 

Course level pre-requisite: a total of 24 credit points (15 credit points, including ICT101A, ICT102A, ICT103A, DAT101A from level 100 and 9 credit points from level 200 core subjects) prior enrolling into level 300 core and specialisation subjects

Subject Level:

300

Subject Rationale:

Hackers are exploring new ways to access private networks every day. Their ultimate goal is to identify weaknesses in digital systems and network security and gain unauthorised access to sensitive information to exploit digital assets for their benefit. The road to accomplishing their endgame lies within their ability to identify weaknesses in digital systems and silently intrude into their target destination. 

Penetration testing is a powerful tool that enables businesses to analyse organisational capabilities and defence against hackers and cyberattacks. It is an essential element of a cybersecurity assessment as it provides the opportunity to identify vulnerabilities and risks in the organisation’s systems, which hackers are tirelessly seeking. 

This subject equips students with the theoretical foundation and practical aspects of discovering system vulnerabilities using penetration testing methods, tools, and techniques. Students will explore various approaches to conduct system vulnerability analysis from an attacker’s viewpoint and use this threat intelligence to mitigate cyberattacks from a defender’s perspective.  

Students will plan and implement computer system exploitation cases and scenarios, applying a range of penetration testing approaches, practices, and skills. In addition to the technical aspects of penetration testing, the subject also covers the legal, professional, and ethical considerations, including reporting requirements.  

Learning Outcomes:

a) Explain the objectives, role, and applications of penetration testing in cybersecurity vulnerability analysis and organisational information security management systems.

b) Select and apply penetration testing methods, tools, and techniques appropriate to the target digital infrastructure components.

c) Plan and implement penetrating testing to identify and investigate vulnerabilities in computer networks, operating systems, applications, and processes

d) Critically analyse penetration testing outcomes, derive threat intelligence, and evaluate organisational information security design for improvements.

e) Develop and present a penetration testing report exhibiting professional standards and insightfully interpreting findings.

f) Critically evaluate ethical, professional, and legal considerations associated with penetration testing practices and their application.

Student Assessment:

WordPress Table

Broad Topics to be Covered:

Topic: 
Week 1: Introduction and Methodologies 

  • Audits 
  • Vulnerability scans 
  • Penetration tests 
  • Methodologies and approaches 
  • Ethics and professionalism in penetration testing 
  • Legal aspects including international laws 
Week 2: Reconnaissance 

  • Core technologies 
  • Open-source tools 
  • Passive scanning techniques 
  • Active scanning techniques 
  • Footprint tools 
  • Verification tools 
  • Enumeration 
Week 3: Kali Linux and Penetration Testing 

  • Introduction to Kali Linux and penetration testing 
  • Installation and overview 
  • Tools 
  • Testing examples 
Week 4: Network testing 

  • Testing objectives 
  • Testing approach 
  • Core technologies 
  • Vulnerability assessment  
Week 5: Testing a Web Server and Web Application 

  • Testing objectives 
  • Testing approach 
  • Core technologies 
  • Vulnerability assessment 
Week 6: Wireless Testing 

  • Testing objectives 
  • Testing approach 
  • Core technologies 
  • Vulnerability assessment 
Week 7: Testing a Database 

  • Testing objectives 
  • Testing approach 
  • Core technologies 
  • Vulnerability assessment 
Week 8: Testing Windows Operating System and Linux Operating System 

  • Testing objectives 
  • Testing approach 
  • Core technologies 
  • Vulnerability assessment 
Week 9: Cyber Threat Intelligence 

  • Introduction and usage 
  • Resources 
  • Internet information gathering 
Week 10: Metasploit 

  • Introduction and usage 
  • Basic usage 
  • Scanning with Metasploit 
  • Exploit examples 
  • Post exploit tasks 
Week 11: Other Topics 

  • Buffer/Stack Overflow 
  • Privilege escalation, brute-forcing, password guessing, maintaining persistence and covering tracks. 
  • Social engineering attacks 
  • Ethical and professional code of conduct for penetration testers 
  • Future trends, challenges, and concerns 

 

Please note that these topics are often refined and subject to change so for up to date weekly topics and suggested reading resources, please refer to the Moodle subject page.