
WM185-15 Security Testing I

Department
WMG
Level
Undergraduate Level 1
Module leader
Michael Macaulay
Credit value
15
Module duration
10 weeks
Assessment
100% coursework
Study location
University of Warwick main campus, Coventry

Introductory description

A fundamental goal of cyber security is to enhance the robustness and resilience of systems against a wide range of threats and attacks. While it would be ideal to have cyber security embedded early in the system design process, practitioners are frequently tasked with securing legacy systems that were developed with little or no consideration for cyber threats. Even modern, well-designed systems remain vulnerable to attacks from both sophisticated and opportunistic adversaries.
Penetration testers and red team professionals must develop an understanding of common vulnerabilities and attack techniques. This is essential for critically analysing the underlying causes of security weaknesses in networks and systems, and for identifying effective remediation strategies.

Module aims

This module is designed to equip students with both the theoretical knowledge and practical skills required to conduct security testing and deliver professional penetration testing reports for client organisations.
The module begins by introducing established security testing methodologies and frameworks, guiding students through each phase of the penetration testing process. These phases include reconnaissance, threat modelling, vulnerability analysis, exploitation, post-exploitation, and comprehensive reporting.
Building on this foundation, students will develop hands-on expertise in conducting professional network penetration tests, applying industry-relevant tools and techniques in simulated environments.
Throughout the module, there is a strong emphasis on professionalism and ethical conduct. Students will explore the legal and ethical responsibilities of penetration testers, including adherence to responsible disclosure practices and the importance of maintaining integrity in all aspects of client engagement.

Outline syllabus

This is an indicative outline only, showing the sort of topics that may be covered. Actual sessions held may differ.

Information Gathering;
Vulnerability Scanning;
Introduction to Web Applications;
Common Web Application Attacks;
SQL Injection Attacks;
The Metasploit Framework;
Port Redirection and SSH Tunneling;
Linux Privilege Escalation;
Locating Public Exploits;
Linux Hacking.

Learning outcomes

By the end of the module, students should be able to:

  • Demonstrate critical understanding of penetration testing techniques on networked systems, and the application of appropriate security testing tools [CITP 2.1.1, 2.1.2]
  • Identify potential security risks and vulnerabilities of a target system [CITP 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5]
  • Analyse vulnerabilities in target systems and demonstrate use of relevant exploitation techniques [CITP 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5]
  • Recommend effective mitigation measures to strengthen the security posture of an organisation based on results from security assessments [CITP 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.9, 2.2.3, 3.1.3, 3.2.2]

Indicative reading list

Reading lists can be found in Talis

Specific reading list for the module

Subject specific skills

Understanding of system defence and offence principles, strategies, techniques and concepts.
Identification, evaluation and exploitation of system vulnerabilities.

Transferable skills

Critical and analytical thinking. Problem solving.

Study time

Type Required
Lectures 12 sessions of 1 hour (8%)
Supervised practical classes 18 sessions of 1 hour (12%)
Online learning (independent) 10 sessions of 1 hour (7%)
Other activity 6 hours (4%)
Private study 44 hours (29%)
Assessment 60 hours (40%)
Total 150 hours

Private study description

Additional lab work and research


Costs

No further costs have been identified for this module.

You must pass all assessment components to pass the module.

Assessment group A1
Weighting Study time Eligible for self-certification
Assessment component
Portfolio of Knowledge and Skills 70% 42 hours Yes (extension)

Portfolio assessment of work.

Reassessment component is the same
Assessment component
In-Class Test. Face to face, non open book 30% 18 hours No
Reassessment component is the same
Feedback on assessment

Verbal feedback provided during lab sessions.
Summative feedback provided.
Feedback form/marksheet for written report-based assessment.

Courses

This module is Core for:

  • UWMA-H651 Undergraduate Cyber Security
    • Year 1 of H651 Cyber Security