PENETRATION TESTING PRINCIPLES

CSE5PEN

2020

Credit points: 15

Subject outline

Penetration testing involves assessment of organisational vulnerabilities through the design and execution of technical system tests. This subject introduces students to the principles and processes involved in system penetration testing. It examines common software tools used in a penetration testing exercise. Students will learn various types of penetration testing and their phases, and the interpretation of results from commonly used penetration testing tools. Students will learn of the value of penetration testing for businesses and organisations, and how to use testing results to report on, and to improve, an organisation's security resilience.


SchoolSchool Engineering&Mathematical Sciences

Credit points15

Subject Co-ordinatorJabed Chowdhury

Available to Study Abroad StudentsYes

Subject year levelYear Level 5 - Masters

Exchange StudentsYes

Subject particulars

Subject rules

Prerequisites Must have passed CSE5NEF or CSE5NSF and CSE5CSP and must be admitted into SMCYC or SMCYL or SMCYB or must obtain subject coordinator's approval.

Co-requisitesN/A

Incompatible subjectsN/A

Equivalent subjectsN/A

Special conditionsN/A

Readings

Resource TypeTitleResource RequirementAuthor and YearPublisher
ReadingsThe Hacker Playbook 2: Practical Guide To Penetration TestingPrescribedKim, Peter (2018)Createspace Independent Pub
ReadingsPenetration Testing Fundamentals: A hands-On Guide to Reliability Security AuditsPrescribedEasttom, Chuck (2018)Pearson

Graduate capabilities & intended learning outcomes

01. Analyse appropriate software tools and technologies for use in system testing so as to provide assurance of network security.

Activities:
In lectures and practical work, worked examples, case studies demonstrate present malware attacks to students, and how to analyse other cyber security threats. Students create test cases using in-depth technical analysis of risks and typical vulnerabilities.

02. Evaluate the results of penetration testing in phases in a range of contexts and systems to make recommendations

Activities:
Lectures will provide Penetration testing standards and offer case studies of typical tests. For practical work students plan penetration tests in phases in accordance with accepted penetration testing standards.

03. Synthesise a range of target scanning methodologies to identify vulnerabilities and reduce risk.

Activities:
For practical work students produce test scripts and materials to test new and existing software or services. Lectures will provide knowledge of interpretation, execution and documenting of complex test scripts using agreed methods and standards.

04. Apply simple penetration test methods and produce client reports, explaining key findings to diverse audiences.

Activities:
Lectures provide direction on how to record and analyse and review results. In practical work students examine case studies so as to learn how to report on progress, anomalies, risks and issues associated with a given simple penetration test.

Subject options

Select to view your study options…

Start date between: and    Key dates

Melbourne, 2020, Semester 2, Day

Overview

Online enrolmentYes

Maximum enrolment sizeN/A

Enrolment information

Subject Instance Co-ordinatorJabed Chowdhury

Class requirements

Lecture/Workshop Week: 31 - 43
One 2.0 hours lecture/workshop per week on any day including weekend during the day from week 31 to week 43 and delivered via face-to-face.

Computer Laboratory Week: 31 - 43
One 2.0 hours computer laboratory per week on any day including weekend during the day from week 31 to week 43 and delivered via face-to-face.

Assessments

Assessment elementComments% ILO*
2 hour exam (2000 words)30 01, 02, 03, 04
Assignment 1 - Attack Planning, written assignment, Individual (1,500-words) 20 01, 02
Assignment 2 - Attack Execution, written assignment, Individual (1,500-words) 20 03, 04
Assignment 3 - Word Penetration testing report based your own answers to Assign 2 and 3 (1500-words)30 01, 02, 03