cse5pen penetration testing principles
PENETRATION TESTING PRINCIPLES
CSE5PEN
2019
Credit points: 15
Subject outline
Penetration testing involves assessment of organisational vulnerabilities through the design and execution of technical system tests. This subject introduces students to the principles and processes involved in system penetration testing. It examines common software tools used in a penetration testing exercise. Students will learn various types of penetration testing and their phases, and the interpretation of results from commonly used penetration testing tools. Students will learn of the value of penetration testing for businesses and organisations, and how to use testing results to report on, and to improve, an organisation's security resilience.
SchoolSchool Engineering&Mathematical Sciences
Credit points15
Subject Co-ordinatorOmaru Maruatona
Available to Study Abroad StudentsYes
Subject year levelYear Level 5 - Masters
Exchange StudentsYes
Subject particulars
Subject rules
Prerequisites Must have passed CSE5NEF or CSE5NSF and CSE5CSP and must be admitted into SMCYC or SMCYL or SMCYB or must obtain subject coordinator's approval.
Co-requisitesN/A
Incompatible subjectsN/A
Equivalent subjectsN/A
Special conditionsN/A
Learning resources
Readings
| Resource Type | Title | Resource Requirement | Author and Year | Publisher |
|---|---|---|---|---|
| Readings | The Hacker Playbook 2: Practical Guide To Penetration Testing | Prescribed | Kim, Peter | Createspace Independent Pub |
| Readings | Penetration Testing Fundamentals: A hands-On Guide to Reliability Security Audits | Prescribed | Easttom, Chuck | Pearson |
Graduate capabilities & intended learning outcomes
01. Analyse appropriate software tools and technologies for use in system testing so as to provide assurance of network security.
- Activities:
- In lectures/modules and practical work, worked examples, case studies demonstrate present malware attacks to students, and how to analyse other cyber security threats. Students create test cases using in-depth technical analysis of risks and typical vulnerabilities.
02. Evaluate the results of penetration testing in phases in a range of contexts and systems to make recommendations
- Activities:
- Lectures will provide Penetration testing standards and offer case studies of typical tests. For practical work students plan penetration tests in phases in accordance with accepted penetration testing standards.
03. Synthesise a range of target scanning methodologies to identify vulnerabilities and reduce risk.
- Activities:
- For practical work students produce test scripts and materials to test new and existing software or services. Lectures will provide knowledge of interpretation, execution and documenting of complex test scripts using agreed methods and standards.
04. Apply simple penetration test methods and produce client reports, explaining key findings to diverse audiences.
- Activities:
- Lectures/modules provide direction on how to record and analyse and review results. In practical work students examine case studies so as to learn how to report on progress, anomalies, risks and issues associated with a given simple penetration test.
Subject options
Select to view your study options…
Melbourne, 2019, Semester 1, Day
Overview
Online enrolmentYes
Maximum enrolment sizeN/A
Enrolment information
Subject Instance Co-ordinatorOmaru Maruatona
Class requirements
Lecture/WorkshopWeek: 10 - 22
Six 4.0 hours lecture/workshop every two weeks on any day including weekend during the day from week 10 to week 22 and delivered via face-to-face.
Computer LaboratoryWeek: 10 - 22
Six 4.0 hours computer laboratory every two weeks on any day including weekend during the day from week 10 to week 22 and delivered via face-to-face.
Assessments
| Assessment element | Comments | % | ILO* |
|---|---|---|---|
| One closed book practical test (1.5 hours) | To be given in last practical (or for off campus students at end of 2 day compulsory residential workshop) | 30 | 01, 02, 03, 04 |
| Assignment 1 - Attack Planning, written assignment, Individual (1,500-words) | 20 | 01, 02 | |
| Assignment 2 - Attack Execution, written assignment, Individual (1,500-words) | 20 | 03, 04 | |
| Assignment 3 - Word penetration testing report based your own answers to Assign 2 and 3 (1500-words) | 30 | 01, 02, 03, 04 |
Melbourne, 2019, Summer, Day
Overview
Online enrolmentNo
Maximum enrolment sizeN/A
Enrolment information
Subject Instance Co-ordinatorOmaru Maruatona
Class requirements
LectureWeek: 45
Six 4.0 hours lecture every two weeks on any day including weekend during the day in week 45 and delivered via face-to-face.
Computer LaboratoryWeek: 45
Six 4.0 hours computer laboratory every two weeks on any day including weekend during the day in week 45 and delivered via face-to-face.
Assessments
| Assessment element | Comments | % | ILO* |
|---|---|---|---|
| One closed book practical test (1.5 hours) | To be given in last practical (or for off campus students at end of 2 day compulsory residential workshop) | 30 | 01, 02, 03, 04 |
| Assignment 1 - Attack Planning, written assignment, Individual (1,500-words) | 20 | 01, 02 | |
| Assignment 2 - Attack Execution, written assignment, Individual (1,500-words) | 20 | 03, 04 | |
| Assignment 3 - Word penetration testing report based your own answers to Assign 2 and 3 (1500-words) | 30 | 01, 02, 03, 04 |
Melbourne, 2019, Semester 1, Blended
Overview
Online enrolmentYes
Maximum enrolment sizeN/A
Enrolment information
Subject Instance Co-ordinatorOmaru Maruatona
Class requirements
Unscheduled Online ClassWeek: 10 - 22
Twelve 2.0 hours unscheduled online class per study period on weekdays from week 10 to week 22 and delivered via online.
"Consists of online readings, resources and self-check tests, for self-directed study. All materials will be available asynchronously on the LMS."
PracticalWeek: 10 - 22
Ten 1.0 hours practical per study period on weekdays from week 10 to week 22 and delivered via blended.
"Synchronous online practical tutorial supported by practical notes and reading material on the LMS."
PracticalWeek: 10 - 22
Two 7.0 hours practical per study period on weekdays from week 10 to week 22 and delivered via blended.
"A compulsory practical workshop of 2 days at the end of the semester will be offered for all off campus students."
Assessments
| Assessment element | Comments | % | ILO* |
|---|---|---|---|
| One closed book practical test (1.5 hours) | To be given in last practical (or for off campus students at end of 2 day compulsory residential workshop) | 30 | 01, 02, 03, 04 |
| Assignment 1 - Attack Planning, written assignment, Individual (1,500-words) | 20 | 01, 02 | |
| Assignment 2 - Attack Execution, written assignment, Individual (1,500-words) | 20 | 03, 04 | |
| Assignment 3 - Word penetration testing report based your own answers to Assign 2 and 3 (1500-words) | 30 | 01, 02, 03, 04 |
Melbourne, 2019, Summer, Blended
Overview
Online enrolmentNo
Maximum enrolment sizeN/A
Enrolment information
Subject Instance Co-ordinatorOmaru Maruatona
Class requirements
Unscheduled Online ClassWeek: 45
Twelve 2.0 hours unscheduled online class per study period on weekdays during the day in week 45 and delivered via online.
"Consists of online readings, resources and self-check tests, for self-directed study. All materials will be available asynchronously on the LMS."
PracticalWeek: 45
Ten 1.0 hours practical per study period on weekdays during the day in week 45 and delivered via online.
"Synchronous online practical tutorial supported by practical notes and reading material on the LMS."
PracticalWeek: 45
Two 7.0 hours practical per study period on weekdays during the day in week 45 and delivered via face-to-face.
"A compulsory practical workshop of 2 days at the end of the semester will be offered for all off campus students."
Assessments
| Assessment element | Comments | % | ILO* |
|---|---|---|---|
| One closed book practical test (1.5 hours) | To be given in last practical (or for off campus students at end of 2 day compulsory residential workshop) | 30 | 01, 02, 03, 04 |
| Assignment 1 - Attack Planning, written assignment, Individual (1,500-words) | 20 | 01, 02 | |
| Assignment 2 - Attack Execution, written assignment, Individual (1,500-words) | 20 | 03, 04 | |
| Assignment 3 - Word penetration testing report based your own answers to Assign 2 and 3 (1500-words) | 30 | 01, 02, 03, 04 |