WM285-15 Security Testing II

Department
WMG
Level
Undergraduate Level 2
Module leader
Michael Macaulay
Credit value
15
Module duration
30 weeks
Assessment
100% coursework
Study location
University of Warwick main campus, Coventry

Introductory description

Penetration testers and red teams require deep understanding of the underlying technologies, such as network protocols, operating systems, and applications, as well as a range of transferable skills such as project management, team working, report writing and communication. This module covers the latest techniques of ethical hacking and provides practical experience in selecting and applying suitable tools and techniques.
The module is also designed to ensure that students are able to define the scope of testing under certain requirements, develop a relevant project plan, and carry out a security assessment by applying appropriate testing methodologies and tools. Further emphasis is given to understanding the requirements, and to the preparation and reporting of testing results, impact, risk and countermeasures.

Module aims

This module aims to equip students with the advanced knowledge and practical experience of performing professional security assessment, including testing of the organisation's monitoring, detection and response, and reporting to client organisations.
There is a fundamental emphasis on professionalism. Students are given an in-depth knowledge of the phases of a professional security assessment. Participants are made aware of the need to act professionally, in an ethical manner and are made aware of ‘responsible reporting’ programmes.
This module is partly taught by professional practitioners involved with professional penetration testing on a daily basis and also equipped with years of university academic experience.

Outline syllabus

This is an indicative module outline only to give an indication of the sort of topics that may be covered. Actual sessions held may differ.

Understanding Requirements
Defining Scope
Project planning and management
Assessing network design
Assessing application design
Avoiding Detection
Managing Risk
Testing Methodology
Testing Platforms
Technology and Vulnerabilities
Social Engineering

Learning outcomes

By the end of the module, students should be able to:

  • Demonstrate a critical understanding of the professional, legal and ethical issues related to ethical hacking and its application in different environments.
  • Interpret and apply penetration testing methodologies and security assessment tools following the scope, requirements and technologies of the target infrastructure.
  • Evaluate the security posture of a system using an appropriate methodology, and assess potential vulnerabilities related to organisational, policy or technical issues.
  • Analyse and report the outcomes of a security test to a professional standard, recommending and specifying suitable security controls.

Indicative reading list

Allen, L. and Cardwell, K., 2016, Advanced Penetration Testing for Highly-Secured Environments, 2nd edition, Packt Publishing
Wilhelm, T., 2010, Professional Penetration Testing – Creating and Operating a Formal Hacking Lab, Syngress
Long, J., 2005, Google Hacking for Penetration Testers, Syngress
Baloch, R., 2015, Ethical Hacking and Penetration Testing Guide, CRC Press
Svensson, R., 2016, From Hacking to Report Writing: An Introduction to Security and Penetration Testing, Apress
Allsopp, W., 2009, Unauthorised Access - Physical Penetration Testing For IT Security Teams, Wiley

Subject specific skills

Students will develop advanced system penetration skills, aimed at bypassing advanced security controls and avoiding detection.
Participants will develop hands-on experience of managing a security assessment (red teaming) project from the beginning, elucidating requirements in the initial scope agreement and preparing a professional report aimed at senior management.

Transferable skills

Planning and project management
Communication and presentation

Study time

Type Required
Supervised practical classes 18 sessions of 2 hours (24%)
Private study 54 hours (36%)
Assessment 60 hours (40%)
Total 150 hours

Private study description

Further practical lab work and research.

Costs

No further costs have been identified for this module.

You do not need to pass all assessment components to pass the module.

Assessment group A
Weighting Study time Eligible for self-certification
Assessment component
Security assessment of a corporate network 80% 50 hours Yes (extension)

Participants will be provided with a virtualised environment comprising multiple servers. Students will be required to plan, prepare, execute and report on a security assessment. The report is aimed at stakeholders with varied technical abilities, from managers who have strong technical abilities to senior management interested only in an executive summary.

Reassessment component is the same
Assessment component
Presentation on the results and recommendations from the security assessment 20% 10 hours No

Students are expected to deliver a presentation on the main findings, conclusions and recommendations from the security assessment carried out.

Reassessment component is the same
Feedback on assessment

In the feedback form as well as during the presentation.

There is currently no information about the courses for which this module is core or optional.