This subject is available under ICMS undergraduate degrees.
CYB304A
Specialisation
3 credit points
ICT103A Programming Principles
CYB201A Network Security
Course level pre-requisite: a total of 24 credit points (15 credit points, including ICT101A, ICT102A, ICT103A, DAT101A from level 100 and 9 credit points from level 200 core subjects) prior to enrolling in level 300 core and specialisation subjects.
300
Hackers are exploring new ways to access private networks every day. Their ultimate goal is to identify weaknesses in digital systems and network security and gain unauthorised access to sensitive information to exploit digital assets for their benefit. The road to accomplishing their endgame lies within their ability to identify weaknesses in digital systems and silently intrude into their target destination.
Penetration testing is a powerful tool that enables businesses to analyse organisational capabilities and defence against hackers and cyberattacks. It is an essential element of a cybersecurity assessment as it provides the opportunity to identify vulnerabilities and risks in the organisation’s systems, which hackers are tirelessly seeking.
This subject equips students with the theoretical foundation and practical aspects of discovering system vulnerabilities using penetration testing methods, tools, and techniques. Students will explore various approaches to conduct system vulnerability analysis from an attacker’s viewpoint and use this threat intelligence to mitigate cyberattacks from a defender’s perspective.
Students will plan and implement computer system exploitation cases and scenarios, applying a range of penetration testing approaches, practices, and skills. In addition to the technical aspects of penetration testing, the subject also covers the legal, professional, and ethical considerations, including reporting requirements.
a) Explain the objectives, role, and applications of penetration testing in cybersecurity vulnerability analysis and organisational information security management systems.
b) Select and apply penetration testing methods, tools, and techniques appropriate to the target digital infrastructure components.
c) Plan and implement penetration testing to identify and investigate vulnerabilities in computer networks, operating systems, applications, and processes.
d) Critically analyse penetration testing outcomes, derive threat intelligence, and evaluate organisational information security design for improvements.
e) Develop and present a penetration testing report exhibiting professional standards and insightfully interpreting findings.
f) Critically evaluate ethical, professional, and legal considerations associated with penetration testing practices and their application.
No | Assessment Task | Weighting | Learning Outcomes |
1 | Practical Lab Work | 15% | a, b, c |
2 | Case Study | 20% | a, d |
3 | Practical – Black-Box Testing | 25% | a-f |
4 | White-Box Testing Project (G) | | |
  | Part A) Report | 30% | a-f |
  | Part B) Presentation | 10% | |
Broad Topics to be Covered:
Topic:
Week 1: Introduction and Methodologies
Week 2: Reconnaissance
Week 3: Kali Linux and Penetration Testing
Week 4: Network Testing
Week 5: Testing a Web Server and Web Application
Week 6: Wireless Testing
Week 7: Testing a Database
Week 8: Testing Windows Operating System and Linux Operating System
Week 9: Cyber Threat Intelligence
Week 10: Metasploit
Week 11: Other Topics