Syllabuses - PG

CS885 - Vulnerability Assessment & Security Testing

Credits: 20
Level: 5
Semester: Semester 2
Availability
Prerequisites
  • Information Security Fundamentals
  • Security Protocols and Threat Models
     
Learning Activities Breakdown
Items of Assessment: 2
Assessment
  • 100% Coursework: Students will explore vulnerable machines to assess their hands-on skills in identifying vulnerabilities and exploiting them, and will submit a report.
  1. Coursework 1 (50%): This is a hands-on assessment, where students will engage with vulnerable machines, honing their skills in identifying and exploiting vulnerabilities. This assessment is designed as a Capture the Flag (CTF) challenge, providing a simulated environment where students must employ their problem-solving abilities and technical acumen to succeed. Students will need to document their entire process in a detailed report. This report serves as a crucial component of the evaluation, requiring students to articulate their methodology, the attack vectors they explored, and the techniques they employed to exploit vulnerabilities successfully. 
  2. Coursework 2 (50%): Students will be asked to submit a report exploring theoretical knowledge and understanding of concepts. 
Lecturer: Jide Edu

Aims and Objectives

Learning Outcomes

At the end of this module students should be able: 

  1. To have a deep understanding of theoretical knowledge about vulnerability types, security testing methodologies, and risk assessment.
  2. To conduct vulnerability assessments using industry-standard tools and methodologies.
  3. To conduct penetration tests on systems and applications to identify security weaknesses.
  4. To understand the legal and ethical issues in security testing.
  5. To evaluate the risk associated with identified vulnerabilities and propose and implement strategies for mitigating security risks.

At the end of this module students should have the following transferable skills:

  1. To develop well-structured reports for both technical and wider business audiences.
  2. To demonstrate self-direction and originality in problem solving.
  3. To apply information security management, risk management and information security techniques and mechanisms.

Syllabus

In this module, you’ll look at the different flaws which may be present in applications. You’ll use industry tools to search for and exploit different flaws, which will aid you in your ability to recognise and report flaws to your client. This module has been developed in line with industry practice in carrying out ethical hacking tasks, which allows us to find vulnerabilities that could be used for entry to the system, or to affect the availability of a system, if discovered by a malicious actor. The module is primarily practical, with some underlying theory to help explain the practical assignments.

Recommended Reading

This list is indicative only – the class lecturer may recommend alternative reading material. Please do not purchase any of the reading material listed below until you have confirmed with the class lecturer that it will be used for this class.

  1. Practical Web Penetration Testing, by Gus Khawaja. Packt Publishing, June 2018. ISBN: 9781788624039
  2. Network Security Assessment: Know Your Network, 3rd Edition (paperback). O'Reilly Media, 2017-01-17. ISBN: 9781491910955
  3. Metasploit, 2nd Edition, by David Kennedy, Mati Aharoni, Devon Kearns, Jim O'Gorman, and Daniel Graham. October 2024, 352 pp. ISBN-13: 9781718502987
  4. The Hacker Playbook 3: Practical Guide to Penetration Testing, by Peter Kim. Independently published, 2018. ISBN-10: 1980901759; ISBN-13: 9781980901754

Last updated: 2024-08-12 07:35:49