cse5pen penetration testing principles
PENETRATION TESTING PRINCIPLES
CSE5PEN
2018
Credit points: 15
Subject outline
Penetration testing involves assessment of organisational vulnerabilities through the design and execution of technical system tests. This subject introduces students to the principles and processes involved in system penetration testing. It examines common software tools used in a penetration testing exercise. Students will learn various types of penetration testing and their phases, and the interpretation of results from commonly used penetration testing tools. Students will learn of the value of penetration testing for businesses and organisations, and how to use testing results to report on, and to improve, an organisation's security resilience.
SchoolSchool Engineering&Mathematical Sciences
Credit points15
Subject Co-ordinatorPaul Watters
Available to Study Abroad StudentsYes
Subject year levelYear Level 5 - Masters
Exchange StudentsYes
Subject particulars
Subject rules
Prerequisites CSE5NEF and CSE5CSP
Co-requisitesN/A
Incompatible subjectsN/A
Equivalent subjectsN/A
Special conditionsN/A
Learning resources
Readings
Resource Type | Title | Resource Requirement | Author and Year | Publisher |
---|---|---|---|---|
Readings | The Hacker Playbook 2: Practical Guide To Penetration Testing | Prescribed | Kim, Peter | Createspace Independent Pub |
Readings | Penetration Testing Fundamentals: A hands-On Guide to Reliability Security Audits | Prescribed | Easttom, Chuck | Pearson |
Graduate capabilities & intended learning outcomes
01. Analyse appropriate software tools and technologies for use in system testing so as to provide assurance of network security.
- Activities:
- In lectures/modules and practical work, worked examples, case studies demonstrate present malware attacks to students, and how to analyse other cyber security threats. Students create test cases using in-depth technical analysis of risks and typical vulnerabilities.
02. Evaluate the results of penetration testing in phases in a range of contexts and systems to make recommendations
- Activities:
- Lectures will provide Penetration testing standards and offer case studies of typical tests. For practical work students plan penetration tests in phases in accordance with accepted penetration testing standards.
03. Synthesise a range of target scanning methodologies to identify vulnerabilities and reduce risk.
- Activities:
- For practical work students produce test scripts and materials to test new and existing software or services. Lectures will provide knowledge of interpretation, execution and documenting of complex test scripts using agreed methods and standards.
04. Apply simple penetration test methods and produce client reports, explaining key findings to diverse audiences.
- Activities:
- Lectures/modules provide direction on how to record and analyse and review results. In practical work students examine case studies so as to learn how to report on progress, anomalies, risks and issues associated with a given simple penetration test.
Subject options
Select to view your study options…
City Campus, 2018, Semester 2, Blended
Overview
Online enrolmentYes
Maximum enrolment sizeN/A
Enrolment information
Subject Instance Co-ordinatorPaul Watters
Class requirements
Lecture/WorkshopWeek: 31 - 43
Twelve 2.0 hours lecture/workshop per study period on weekdays during the day from week 31 to week 43 and delivered via blended.
"Comprehensive readings and resources provided on the LMS. Face to face lectures and workshops also streamed via ZOOM, and recorded for review later. Online self-check tests provided at regular intervals."
PracticalWeek: 31 - 43
Twelve 2.0 hours practical per study period on weekdays during the day from week 31 to week 43 and delivered via blended.
"Practical notes and supporting reading provided on the LMS."
Assessments
Assessment element | Comments | % | ILO* |
---|---|---|---|
One closed book practical test (1.5 hours) | To be given in last practical (or for off campus students at end of 2 day compulsory residential workshop) | 30 | 01, 02, 03, 04 |
Assignment 1 - Attack Planning, written assignment, Individual (1,500-words) | 20 | 01, 02 | |
Assignment 2 - Attack Execution, written assignment, Individual (1,500-words) | 20 | 03, 04 | |
Assignment 3 - Word penetration testing report based your own answers to Assign 2 and 3 (1500-words) | 30 | 01, 02, 03, 04 |
Online, 2018, Semester 2, Blended
Overview
Online enrolmentYes
Maximum enrolment sizeN/A
Enrolment information
Subject Instance Co-ordinatorPaul Watters
Class requirements
Unscheduled Online ClassWeek: 31 - 43
Twelve 2.0 hours unscheduled online class per study period on weekdays from week 31 to week 43 and delivered via online.
"Consists of online readings, resources and self-check tests, for self-directed study. All materials will be available asynchronously on the LMS."
PracticalWeek: 31 - 43
Ten 1.0 hours practical per study period on weekdays from week 31 to week 43 and delivered via blended.
"Synchronous online practical tutorial supported by practical notes and reading material on the LMS."
PracticalWeek: 31 - 43
Ten 1.0 hours practical per study period on weekdays from week 31 to week 43 and delivered via blended.
"A compulsory practical workshop of 2 days at the end of the semester will be offered for all off campus students."
Assessments
Assessment element | Comments | % | ILO* |
---|---|---|---|
One closed book practical test (1.5 hours) | To be given in last practical (or for off campus students at end of 2 day compulsory residential workshop) | 30 | 01, 02, 03, 04 |
Assignment 1 - Attack Planning, written assignment, Individual (1,500-words) | 20 | 01, 02 | |
Assignment 2 - Attack Execution, written assignment, Individual (1,500-words) | 20 | 03, 04 | |
Assignment 3 - Word penetration testing report based your own answers to Assign 2 and 3 (1500-words) | 30 | 01, 02, 03, 04 |