Module Texts
ISO 27002, Code of practice for information security, ISO/IEC
Andrew Whitaker, Daniel P. Newman, Penetration Testing and Network Defense, Cisco Press, 2005, ISBN: 1-58705-208-3
Harris, S., Harper, A., Eagle, C., Ness, J., Gray Hat Hacking: The Ethical Hacker's Handbook, 2nd edition, McGraw-Hill, 2008, ISBN: 0071495681
Handbook for Computer Security Incident Response Teams (CSIRTs), 2003, Carnegie Mellon University
Steve Manzuik, Network Security Assessment: from vulnerability to patch, 2007, Syngress
William Stallings, Lawrie Brown, Computer Security: Principles and Practices, 2008, ISBN: 9780136004240
Pfleeger, C.P., S.L. Pfleeger, Security in Computing, Prentice Hall, 4th Edition, 2006, ISBN: 978-0132390774
Module Additional Assessment Details
Learning Outcomes 1-4
100% Coursework consists of:
Class Test 50%
Case Study 50% - in the case study students will be asked to perform a risk assessment exercise of a network and present the vulnerabilities discovered
Module Indicative Content
Understand the ethics and legal challenges of ethical hacking
Understand the business aspect behind ethical hacking
Analyse the technical foundation of hacking
Introduction to footprinting and scanning
System hacking and enumeration
Evaluation of automated security assessment tools
Utilisation of sniffers, session hijacking and denial of service to effectively gain access
Wireless Technologies, Security and Attacks
Cryptographic attacks and defences
Module Learning Strategies
Practical tasks and tutorials will be used to reinforce and apply theory, encouraging an analytical and problem-based approach to penetration testing. 1 hour lecture and 2 hours practical per week. (1:n)1 (1:20)2