Module Descriptors
PENETRATION TESTING & ETHICAL HACKING
COMP70057
Key Facts
Digital, Technology, Innovation and Business
Level 7
20 credits
Contact
Leader: Christopher Hawkins
Hours of Study
Scheduled Learning and Teaching Activities: 52
Independent Study Hours: 148
Total Learning Hours: 200
Pattern of Delivery
  • Occurrence A, Stoke Campus, PG Semester 2
  • Occurrence B, Digital Institute London, PG Semester 2
Sites
  • Digital Institute London
  • Stoke Campus
Assessment
  • PRACTICAL ASSESSMENT - 2 HOUR DEMONSTRATION weighted at 50%
  • EXAMINATION - 1 HOUR EXAMINATION weighted at 50%
Module Details
Indicative Content
This module addresses the following topics:

Core competencies of ethical hacking and penetration testing

Understanding the ethics and legal challenges of cyber security

Holistic appreciation of ethical hacking in design and implementation

Current standards and accepted practices

Vulnerability identification and computer threats analysis and evaluation

Security Analysis Methodologies

Understanding the business aspect behind penetration testing

Technical foundations of penetration testing

Introduction to footprinting and scanning

System hacking and enumeration

Adopting appropriate risk assessment strategy

Evaluation of automated security assessment tools

Report Writing and Post Test Actions

Research activities around the discipline of ethical hacking

Additional topics may be covered, where possible and appropriate. We will use examples from Linux and other modern operating systems to illustrate concepts covered throughout the course.
Additional Assessment Details
Practical Assessment - A skills demonstration under exam conditions. Students will be asked to undertake a penetration test of a given target in a contained and legal environment. Within the target there will be 10 “flags” which contain unique information. Students will be asked to undertake penetration testing activities, in line with the ethical hacking lifecycle, in order to locate the flag information and will need to provide the information contained as their answers to the examination (Learning Outcomes 1 to 4).

Examination - An examination on the various tools, techniques, technologies and topics within Penetration Testing, following the industry standard examination style for hacking certifications (Learning Outcomes 1 to 4).
Learning Strategies
The material will be presented through a combination of lectures, tutorials, practical exercises and directed self-study.

The lectures will cover the theoretical content of the module, giving students a detailed understanding of various penetration testing techniques. The tutorial sessions will allow for discussion and practical exercises, and will give students the opportunity to experiment within a penetration testing environment.
Learning Outcomes

1. Explain and analyse the stages required by an ethical hacker to compromise a target.

Knowledge and Understanding, Learning


2. Critically evaluate security measures implemented on a target system in both a theoretical and practical manner.

Analysis, Problem Solving, Application


3. Demonstrate a critical knowledge of the tools, methods and procedures used with a secured network and host environment, and penetration testing in conducting hacking activities.

Analysis, Problem Solving


4. Demonstrate practical ability and understanding of the use of industry-standard hacking tools and techniques against both a networked environment and a single-host target.

Knowledge and Understanding, Reflection, Communication

Texts
Madsen, T. (2022), Security Architecture – How & Why (River Publishers Series in Security and Digital Forensics), River Publishers; 1st edition

Holt, T. J. et al. (2022), Cybercrime and Digital Forensics: An Introduction, Routledge; 3rd edition

Johansen, G. (2022), Digital Forensics and Incident Response: Incident response tools and techniques for effective cyber threat response, Packt Publishing; 3rd edition

Oettinger, G. (2022), Learn Computer Forensics: Your one-stop guide to searching, analyzing, acquiring, and securing digital evidence, Packt Publishing; 2nd edition

Mullins, M. (2022), Cyber Security Awareness: Employee Handbook, Kindle Edition

Anderson, R. (2021), Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley; 3rd edition

Lyon, G. (2008) NMAP Network Scanning.

Dieterle, D. (2018) Basic Security Testing with Kali Linux

Shatob, R. (2021) Penetration Testing: Step-by-Step Guide

Hadnagy, C. (2018) Social Engineering: The Science of Human Hacking
Resources
VMware Workstation v16 or later

Kali Linux

ParrotOS

Host Machine with at least 8GB RAM, i5 or later processor, 250GB SSD Storage
Web Descriptors
On this module you will study computer systems and network infrastructure as an attractive target to attackers. Hackers often manipulate software vulnerabilities and poor configuration to successfully gain access and steal information. To secure a system, it is essential for computer security professionals to understand the structure, configuration, tools and techniques that hackers rely upon to carry out their attacks. It is also important to test the network regularly and discover any vulnerabilities due to misconfiguration or poor patching.