PENETRATION TESTING PRINCIPLES
CSE5PEN
2018
Credit points: 15
Subject outline
Penetration testing involves assessment of organisational vulnerabilities through the design and execution of technical system tests. This subject introduces students to the principles and processes involved in system penetration testing. It examines common software tools used in a penetration testing exercise. Students will learn various types of penetration testing and their phases, and the interpretation of results from commonly used penetration testing tools. Students will learn of the value of penetration testing for businesses and organisations, and how to use testing results to report on, and to improve, an organisation's security resilience.
School: School Engineering&Mathematical Sciences
Credit points: 15
Subject Co-ordinator: Paul Watters
Available to Study Abroad Students: Yes
Subject year level: Year Level 5 - Masters
Exchange Students: Yes
Subject particulars
Subject rules
Prerequisites: CSE5NEF and CSE5CSP
Co-requisites: N/A
Incompatible subjects: N/A
Equivalent subjects: N/A
Special conditions: N/A
Learning resources
Readings
| Resource Type | Title | Resource Requirement | Author and Year | Publisher |
|---|---|---|---|---|
| Readings | The Hacker Playbook 2: Practical Guide To Penetration Testing | Prescribed | Kim, Peter | Createspace Independent Pub |
| Readings | Penetration Testing Fundamentals: A hands-On Guide to Reliability Security Audits | Prescribed | Easttom, Chuck | Pearson |
Graduate capabilities & intended learning outcomes
01. Analyse appropriate software tools and technologies for use in system testing so as to provide assurance of network security.
- Activities:
- In lectures/modules and practical work, worked examples, case studies demonstrate present malware attacks to students, and how to analyse other cyber security threats. Students create test cases using in-depth technical analysis of risks and typical vulnerabilities.
02. Evaluate the results of penetration testing in phases in a range of contexts and systems to make recommendations
- Activities:
- Lectures will provide Penetration testing standards and offer case studies of typical tests. For practical work students plan penetration tests in phases in accordance with accepted penetration testing standards.
03. Synthesise a range of target scanning methodologies to identify vulnerabilities and reduce risk.
- Activities:
- For practical work students produce test scripts and materials to test new and existing software or services. Lectures will provide knowledge of interpretation, execution and documenting of complex test scripts using agreed methods and standards.
04. Apply simple penetration test methods and produce client reports, explaining key findings to diverse audiences.
- Activities:
- Lectures/modules provide direction on how to record and analyse and review results. In practical work students examine case studies so as to learn how to report on progress, anomalies, risks and issues associated with a given simple penetration test.
City Campus, 2018, Semester 2, Blended
Overview
Online enrolment: Yes
Maximum enrolment size: N/A
Enrolment information:
Subject Instance Co-ordinator: Paul Watters
Class requirements
Lecture/WorkshopWeek: 31 - 43
Twelve 2.0 hours lecture/workshop per study period on weekdays during the day from week 31 to week 43 and delivered via blended.
"Comprehensive readings and resources provided on the LMS. Face to face lectures and workshops also streamed via ZOOM, and recorded for review later. Online self-check tests provided at regular intervals."
PracticalWeek: 31 - 43
Twelve 2.0 hours practical per study period on weekdays during the day from week 31 to week 43 and delivered via blended.
"Practical notes and supporting reading provided on the LMS."
Assessments
| Assessment element | Comments | % | ILO* |
|---|---|---|---|
| One closed book practical test (1.5 hours) | To be given in last practical (or for off campus students at end of 2 day compulsory residential workshop) | 30 | 01, 02, 03, 04 |
| Assignment 1 - Attack Planning, written assignment, Individual (1,500-words) | 20 | 01, 02 | |
| Assignment 2 - Attack Execution, written assignment, Individual (1,500-words) | 20 | 03, 04 | |
| Assignment 3 - Word penetration testing report based your own answers to Assign 2 and 3 (1500-words) | 30 | 01, 02, 03, 04 |
Online, 2018, Semester 2, Blended
Overview
Online enrolment: Yes
Maximum enrolment size: N/A
Enrolment information:
Subject Instance Co-ordinator: Paul Watters
Class requirements
Unscheduled Online ClassWeek: 31 - 43
Twelve 2.0 hours unscheduled online class per study period on weekdays from week 31 to week 43 and delivered via online.
"Consists of online readings, resources and self-check tests, for self-directed study. All materials will be available asynchronously on the LMS."
PracticalWeek: 31 - 43
Ten 1.0 hours practical per study period on weekdays from week 31 to week 43 and delivered via blended.
"Synchronous online practical tutorial supported by practical notes and reading material on the LMS."
PracticalWeek: 31 - 43
Ten 1.0 hours practical per study period on weekdays from week 31 to week 43 and delivered via blended.
"A compulsory practical workshop of 2 days at the end of the semester will be offered for all off campus students."
Assessments
| Assessment element | Comments | % | ILO* |
|---|---|---|---|
| One closed book practical test (1.5 hours) | To be given in last practical (or for off campus students at end of 2 day compulsory residential workshop) | 30 | 01, 02, 03, 04 |
| Assignment 1 - Attack Planning, written assignment, Individual (1,500-words) | 20 | 01, 02 | |
| Assignment 2 - Attack Execution, written assignment, Individual (1,500-words) | 20 | 03, 04 | |
| Assignment 3 - Word penetration testing report based your own answers to Assign 2 and 3 (1500-words) | 30 | 01, 02, 03, 04 |