Penetration testing
- Predavanje 30
- Vježbe 30
- Samostalni rad 150
Naziv predmeta
Penetration testing
Tip predmeta
Elective
Oznaka predmeta
22-02-533
Semestar
3
ECTS
7
Nastavnici i suradnici
Sadržaj i cilj
This module builds on the knowledge and understanding achieved in the module Ethical Hacking through learning about Cybersecurity testing (PenTest). Modul is focused on acquiring knowledge in the field of penetration testing and verifying security vulnerabilities. Modul will be presented through a simulated enterprise network environment (virtual machines and network) that needs to be attacked, exploited, and evade detection. Students also need to propose to defend strategies to protect the environment from discovered vulnerabilities.
The module aims are to provide students with knowledge and skills to conduct penetration test (PenTest) on real-world environments and write executive and technical reports.
Students will learn about:
• Advanced Windows attacks
• Attacking IOT systems
• Wrig exploits
• Bypassing a filtered network
• Pen-testing operational technology
• Access hidden networks with pivoting and double pivoting
• Privilege escalation
• Evading defence mechanisms
• Attack automation with scripts
• Weaponization
• Writing professional reports.
Trough the labs students will have have a demonstrated knowledge and understanding of the most common tools used by PenTester. The learning outcomes of this module enable students to become specialist in Penetration testing.
Literatura
Essential reading:
1. [Anon.] (2020), Penetration Testing, Albuquerque: Ec-Council
Recommended reading:
1. Walker M., 2019, CEH Certified Ethical Hacker All-in-One Exam Guide, 4th Edition, New York: McGraw-Hill Education
2. Stuttard, D. and Pinto, M., (2011). The web application hacker's handbook. Indianapolis: Wiley.
3. Litchfield, D., (2005). The database hacker's handbook. Indianapolis: Wiley.
4. [Anon.] (2021), WSTG - v4.1. Available at: https://owasp.org/www-project-web-security-testing-guide/v41/ (Accessed: 2 May 2021).
5. [Anon.] (2021), OWASP Top Ten Web Application Security Risks. Available at: https://owasp.org/www-project-top-ten/ (Accessed: 2 May 2021).
Professional Master in Computer Engineering, sub-specialization in Software Engineering
Minimalni ishodi učenja
- Utvrditi cilj i opseg penetracijskog testiranja.
- Definirati korake, trajanje i troškove procesa penetracijskog testiranja.
- Izvesti prikupljanje podataka iz otvorenih izvora.
- Izvesti testiranje na temelju socijalnog inženjeringa.
- Izvesti testiranje mrežne infrastrukture.
- Odabrati i izvesti testiranje ranjivosti sustava.
- Izvesti testiranje web aplikacije.
- Odabrati metode napada na mobilne i IoT-uređaje te uređaje koji se povezuju na bežičnu mrežu.
- Pripremiti izvješće o rezultatima izvođenja penetracijskog testiranja.
Željeni ishodi učenja
- Vrednovati cilj i opseg penetracijskog testiranja.
- Napisati prijedlog izvođenja penetracijskog testiranja.
- Osmisliti strategiju prikupljanja podataka iz otvorenih izvora.
- Osmisliti sustav za testiranje na temelju socijalnog inženjeringa.
- Osmisliti sustav za testiranje mrežne infrastrukture.
- Osmisliti sustav testiranje ranjivosti sustava.
- Osmisliti sustav za testiranje web aplikacije.
- Izvesti napade na mobilne i IoT-uređaje te uređaje koji se povezuju na bežičnu mrežu.
- Pripremiti izvješće za rukovodstvo.