Penetration testing
- About
- e-Leadership MBA
- Graduate Professional Program
- Joint Graduate Study Programme in Computer Science - Internet of Things and Artificial Intelligence
- Lecture Plan
- Computing
- Undergraduate University Program
- Learning outcomes on the program level
- Learning outcomes on the program level
- Admission
- Learning outcomes on the program level
- Learning outcomes on the program level
- Apply now
- Learning outcomes on the program level
- Learning outcomes on the program level
- Learning outcomes on the program level
- Learning outcomes on the program level
- Useful Information
- Learning outcomes on the program level
- Learning outcomes on the program level
- Useful Information
- Professional Title Acquired
- 3D Design
- Design
- Duration of the Study Program
- Undergraduate Professional Program
- Lecture Plan
- Lecture Plan
- Lecture Plan
- Useful Information
- Useful Information
- Software Package Included in the Price of the Study
- Software Package Included in the Price of the Study
- Course Schedules
- Course Schedules
- Professional Title Acquired
- Duration of the Study Program
- Digital Marketing
- Software Package Included in the Price of the Study
- Duration of the Study Program
- Lecture Plan
- Professional Title Acquired
- Useful Information
- Course Schedules
- Multimedia Computing
- Industry Certifications
- Course Schedules
- Professional Title Acquired
- Software Package Included in the Price of the Study
- System Engineering
- Duration of the Study Program
- Lecture plan
- Course Schedules
- Professional Title Acquired
- Software Package Included in the Price of the Study
- Industry Certifications
- Useful Information
- Software Engineering
- Duration of the Study Program
- Software Package Included in the Price of the Study
- Course Schedules
- Lecture Plan
- Industry Certifications
- Useful Information
- Professional Title Acquired
- Creative Market Communications Management
- Duration of the Study Program
- Course Schedules
- Industry Certifications
- Lecture Plan
- Useful Information
- Duration of the Study Program
- Software Package Included in the Price of the Study
- Digital Marketing
- Who Can Enroll
- Professional Title Acquired
- Software Package Included in the Price of the Study
- Course Schedules
- Lecture Plan
- Professional Title Acquired
- Useful Information
- Useful Information
- Data Science
- Industry Certifications
- Course Schedules
- Jobs and necessary knowledge and skills that graduates will be prepared for
- Course Schedules
- Duration of the Study Program
- Software Package Included in the Price of the Study
- Lecture Plan
- Duration of the Study
- Game Development
- Professional Title Acquired
- Who Can Enroll
- Professional Title Acquired
- MITx MicroMasters® program
- Useful Information
- Lecture Plan
- Software Package Included in the Price of the Study
- System Engineering
- Duration of the Study
- Who can Apply
- Course Schedules
- Lecture Plan
- Software Engineering
- Software Engineering
- Useful Information
- Study Duration
- Lecture Plan
- Lecture Plan
- Useful Information
- Useful Information
- Learning outcomes on the program level
- Learning outcomes on the program level
- Industry Certifications
- Industry Certifications
- Professional Title Acquired
- Professional Title Acquired
- Duration of the Study Program
- Duration of the Study Program
- Course Schedules
- Course Schedules
- Learning outcomes on the program level
- Partnership with Goldsmiths, University of London
- Partnership with Goldsmiths, University of London
- Partnership with Goldsmiths, University of London
- Partnership with Goldsmiths, University of London
- Partnership with Goldsmiths, University of London
- Partnership with Goldsmiths, University of London
- Partnership with Goldsmiths, University of London
- Partnership with Goldsmiths, University of London
- Partnership with Goldsmiths, University of London
- Partnership with Goldsmiths, University of London
- Partnership with Goldsmiths, University of London
- Partnership with Goldsmiths, University of London
- Partnership with Goldsmiths, University of London
- Partnership with Goldsmiths, University of London
- Class 30
- Practice 30
- Independent work 150
Course title
Penetration testing
Lecture type
Elective
Course code
21-02-533
Semester
3
ECTS
7
Lecturers and associates
Course overview
This module builds on the knowledge and understanding achieved in the module Ethical Hacking through learning about Cybersecurity testing (PenTest). Modul is focused on acquiring knowledge in the field of penetration testing and verifying security vulnerabilities. Modul will be presented through a simulated enterprise network environment (virtual machines and network) that needs to be attacked, exploited, and evade detection. Students also need to propose to defend strategies to protect the environment from discovered vulnerabilities.
The module aims are to provide students with knowledge and skills to conduct penetration test (PenTest) on real-world environments and write executive and technical reports.
Students will learn about:
• Advanced Windows attacks
• Attacking IOT systems
• Wrig exploits
• Bypassing a filtered network
• Pen-testing operational technology
• Access hidden networks with pivoting and double pivoting
• Privilege escalation
• Evading defence mechanisms
• Attack automation with scripts
• Weaponization
• Writing professional reports.
Trough the labs students will have have a demonstrated knowledge and understanding of the most common tools used by PenTester. The learning outcomes of this module enable students to become specialist in Penetration testing.
Literature
Essential reading:
1. [Anon.] (2020), Penetration Testing, Albuquerque: Ec-Council
Recommended reading:
1. Walker M., 2019, CEH Certified Ethical Hacker All-in-One Exam Guide, 4th Edition, New York: McGraw-Hill Education
2. Stuttard, D. and Pinto, M., (2011). The web application hacker's handbook. Indianapolis: Wiley.
3. Litchfield, D., (2005). The database hacker's handbook. Indianapolis: Wiley.
4. [Anon.] (2021), WSTG - v4.1. Available at: https://owasp.org/www-project-web-security-testing-guide/v41/ (Accessed: 2 May 2021).
5. [Anon.] (2021), OWASP Top Ten Web Application Security Risks. Available at: https://owasp.org/www-project-top-ten/ (Accessed: 2 May 2021).
Minimal learning outcomes
- Conduct reconnaissance based on open sources
- Select and conduct system vulnerability testing
- Conduct network infrastructure testing
- Conduct testing based on social engineering
- Conduct testing of web applications
- Select methods for attacks on mobile, WiFi and IoT devices
- Defining the goal and scope of penetration testing
- Define steps, duration, and costs in the penetration testing process
- Write a PenTest report
Preferred learning outcomes
- Design reconnaissance based on open sources
- Design system vulnerability testing
- Design network infrastructure testing
- Design testing based on social engineering
- Design testing of web applications
- Design attacks on mobile, WiFi and IoT devices
- Valorise the goal and scope of penetration testing
- Write PenTest proposal
- Write an Executive report