CS807 - Vulnerability Assessment and Security Testing
Credits | 15 |
Level | 5 |
Semester | Term 3 |
Availability | |
Prerequisites | |
Learning Activities Breakdown | |
Items of Assessment | 2 |
Assessment | 100% Coursework: Coursework 1 (50%): This is a hands-on assessment, where students will engage with vulnerable machines, honing their skills in identifying and exploiting vulnerabilities. This assessment is designed as a Capture the Flag (CTF) challenge, providing a simulated environment where students must employ their problem-solving abilities and technical acumen to succeed. Students will need to document their entire process in a detailed report. This report serves as a crucial component of the evaluation, requiring students to articulate their methodology, the attack vectors they explored, and the techniques they employed to exploit vulnerabilities successfully. Coursework 2 (50%): Report exploring theoretical knowledge and understanding of concepts. |
Lecturer | Jide Edu |
Aims and Objectives
The aim of this class is to provide in-depth coverage of vulnerability assessment and security testing by taking a "blue team" perspective and going beyond penetration testing, placing particular emphasis on code security testing and code security reviews.
Learning Outcomes
At the end of this module students should be able:
- To have a deep understanding of theoretical knowledge about vulnerability types, security testing methodologies, and risk assessment.
- To conduct vulnerability assessments using industry-standard tools and methodologies.
- To conduct penetration tests on systems and applications to identify security weaknesses.
- To understand the legal and ethical issues in security testing.
- To evaluate the risk associated with identified vulnerabilities and propose and implement strategies for mitigating security risks.
Syllabus
- Application Vulnerabilities and Exploitation
- Router Vulnerabilities and Wireless Security Testing
- Exploit Development with PWNTools
- Malware Analysis
- Web and Email Security
- Static and Binary Analysis with Debugger
- Azure Cloud Application Security
- Professional Reporting of Security Testing Findings
Recommended Reading
This list is indicative only – the class lecturer may recommend alternative reading material. Please do not purchase any of the reading material listed below until you have confirmed with the class lecturer that it will be used for this class.
- Practical Web Penetration Testing, by Gus Khawaja. Packt Publishing, June 2018. ISBN: 9781788624039
- Network Security Assessment: Know Your Network, 3rd Edition. Paperback. O'Reilly Media, 2017-01-17. ISBN: 9781491910955
- Metasploit, 2nd Edition, by David Kennedy, Mati Aharoni, Devon Kearns, Jim O'Gorman, and Daniel Graham. October 2024, 352 pp. ISBN-13: 9781718502987
- The Hacker Playbook 3: Practical Guide to Penetration Testing, by Peter Kim. Independently published, 2018. ISBN-10: 1980901759, ISBN-13: 9781980901754
Last updated: 2024-08-12 07:33:29