WM285-15 Security Testing II
Introductory description
Building on the foundational security testing knowledge and skills developed in Security Testing I, this module
advances students’ capabilities in ethical hacking through the application of more sophisticated techniques and
methodologies. Students will engage with a range of vulnerability categories and develop the ability to work both
independently and collaboratively as part of a security testing team, reflecting the individual and team-based nature of
professional security operations. This module covers the latest techniques of ethical hacking and provides practical
experience in selecting and applying suitable tools and techniques. It is also designed to ensure that students are able
to define the scope of testing under certain requirements, develop a relevant project plan, and carry out a security
assessment by applying appropriate testing methodologies and tools.
Module aims
This module aims to equip students with advanced ethical hacking knowledge and practical skills assessed through components: an individual penetration testing coursework and a team-based Capture the Flag (CTF) group
project. The penetration testing assessment develops and assesses the individual student’s ability to plan, prepare,
execute, and report on a penetration test against a virtualised networked environment containing multiple faults.
Students will produce a professional penetration testing report aimed at stakeholders with varied technical abilities,
from managers with strong technical knowledge to senior management interested only in an executive summary. The
group CTF project simulates realistic security assessment scenarios in which students work in teams to
tackle challenges across security domains e.g., web application exploitation, privilege escalation, and network
analysis. Each student is expected to take ownership of specific challenge categories while contributing to the
collective team effort. The team will produce a jointly authored report that includes each member’s account of the
category or categories they worked on and how they contributed to the team. Students will develop the professional skills required both to conduct independent security assessments and to operate effectively within a cyber security testing team.
Outline syllabus
This is an indicative module outline only to give an indication of the sort of topics that may be covered. Actual sessions held may differ.
Understanding of system defence and offence principles, strategies, techniques and concepts. Identification,
evaluation and exploitation of vulnerabilities in web applications, network services, and operating system
configurations. Professional documentation and reporting of penetration testing and security assessment activities.
Learning outcomes
By the end of the module, students should be able to:
- Demonstrate a critical understanding of the professional, legal and ethical issues related to ethical hacking and its application in different environments [CITP 2.1.13, C8]]
- Interpret and apply penetration testing methodologies and security assessment tools following on the scope, requirements and technologies of target infrastructure [CITP 2.1.1, 2.1.12, 2.2.4, C12]
- Evaluate the security posture of a system using an appropriate methodology, and assess potential vulnerabilities related to organisational, policy or technical issues [CITP 2.1.2, 2.1.5, 2.1.10, 2.1.11, C9, C10]
- Analyse and report the outcomes of a security test to a professional standard, recommending and specifying suitable security controls [CITP 2.1.6, 2.2.6, 2.3.2, C4]
Indicative reading list
Reading lists can be found in Talis
Subject specific skills
Understanding of system defence and offence principles, strategies, techniques and concepts. Identification,
evaluation and exploitation of vulnerabilities in web applications, network services, and operating system
configurations. Professional documentation and reporting of penetration testing and security assessment activities.
Transferable skills
Critical and analytical thinking Problem solving
Teamwork and collaborative problem-solving
Written communication
Time management and task prioritisation
Study time
| Type | Required |
|---|---|
| Lectures | 10 sessions of (0%) |
| Supervised practical classes | 20 sessions of 1 hour (13%) |
| Online learning (independent) | 20 sessions of 1 hour (13%) |
| Private study | 50 hours (33%) |
| Assessment | 60 hours (40%) |
| Total | 150 hours |
Private study description
Further practical lab work and research.
Costs
No further costs have been identified for this module.
You must pass all assessment components to pass the module.
Assessment group A
| Weighting | Study time | Eligible for self-certification | |
|---|---|---|---|
Assessment component |
|||
| Penetration test of a virtualised networked infrastructure | 60% | 36 hours | Yes (extension) |
|
Participants will be provided with a virtualised environment comprising of multiple servers. Students will be required to connect to vulnerable machines and practice exploitation, enumeration and privilege escalation techniques and report on security assessment. |
|||
Reassessment component is the same |
|||
Assessment component |
|||
| Capture the Flag Strategy Project | 40% | 24 hours | No |
|
Working in teams, students will compete in a series of capture the flag (CTF) challenges. The team will produce a jointly authored report covering the team’s overall CTF strategy, task allocation rationale, a summary of flags captured across all categories, and a critical reflection on team performance. Peer Marking Process will be adopted in this assessment. |
|||
Reassessment component is the same |
|||
Feedback on assessment
Formative feedback during lab sessions
Summative feedback on assessments
There is currently no information about the courses for which this module is core or optional.