Module title: Computer Penetration Testing

SCQF level: 11:
SCQF credit value: 20.00
ECTS credit value: 10

Module code: CSN11127
Module leader: Rich Macfarlane
School School of Computing
Subject area group: Computer Systems
Prerequisites

N/A

2018/9, Trimester 2, Face-to-Face, Edinburgh Napier University
Occurrence: 001
Primary mode of delivery: Face-to-Face
Location of delivery: MERCHISTON
Partner: Edinburgh Napier University
Member of staff responsible for delivering module: Rich Macfarlane
Module Organiser:


Learning, Teaching and Assessment (LTA) Approach:
Initially focus is on a range of soft skills appropriate to performing security testing in a commercial environment, including planning activities & final reporting. Security testing has a range of legal issues to consider, so knowledge of applicable law is needed. Risk management and mitigation is important, so that the security testing process does not cause problems to live systems nor systems outside the scope of the work. This is mostly presented theoretically in lectures [LO1].
Practically, students work on first gaining an understanding of the tools and techniques for performing attacks on computer systems and networking, focussing on the use of such techniques as part of a security audit or penetration testing methodology. The course uses virtual machines and sandboxed environments to allow this type of activity to be carried out safely [LO2, 3]. Counter-attack techniques are introduced allowing the student to mitigate or completely block attacks [LO3]. Further lectures then consider the changing landscape of computer attack risk as well as current security issues [LO4, 5].
Lectures use examples and case studies -highlight the need for particular approaches/techniques,& use of commands to tackle the issues presented. Practicals follow up on the lectures, providing syntax and practice on the situations & commands discussed. This allows the lectures to minimise detailed discussions on command syntax,flags & other implementation issues, & focus on security concepts & attack vectors.
Distance learning mode-no timetabled sessions. Lecture material will rely on student-directed study of online material, including a suggested study schedule. Theoretical material normally covered in lectures will be made available electronically. Forums and email are available to support student interaction. The lab activities can be completed online using our web-based interactive virtual environments (such as linuxzoo) from anywhere in the internet.

Formative Assessment:
The University is currently undertaking work to improve the quality of information provided on methods of assessment and feedback. Please refer to the section on Learning and Teaching Approaches above for further information about this module’s learning, teaching and assessment practices, including formative and summative approaches.

Summative Assessment:
The University is currently undertaking work to improve the quality of information provided on methods of assessment and feedback. Please refer to the section on Learning and Teaching Approaches above for further information about this module’s learning, teaching and assessment practices, including formative and summative approaches.

Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activityLearning & Teaching ActivityNESH (Study Hours)
Face To Face Lecture 24
Face To Face Centrally Time Tabled Examination 24
Independent Learning Guided independent study 152
Total Study Hours200
Expected Total Study Hours for Module200


Assessment
Type of Assessment Weighting % LOs covered Week due Length in Hours/Words
Digital Examination (not Centrally Timetabled) 30 1 6 HOURS= 2, WORDS= 0
Practical Skills Assessment 40 2, 3 10 HOURS= 2, WORDS= 0
Report 30 3, 4, 5 13 HOURS= 30, WORDS= 0
Component 1 subtotal: 100
Component 2 subtotal: 0
Module subtotal: 100

Description of module content:

This module will cover a range of elements concerned with digital penetration testing and security testing. Initial lectures consider important soft skills such as documentation techniques, reporting, the law, and risk assessment and management. The practical skills and their related theoretical knowledge include operating system weaknesses, information gathering (both passive and active), and various ethical hacking techniques and processes. Considerable practical focus is made on available tools to assist in auditing and penetration testing. Aspects targeted include operating systems, common network services, and network-based applications.

Learning Outcomes for module:

Upon completion of this module you will be able to:

LO1: Develop an advanced understanding and critically evaluate the planning, and execution, of computer security testing procedures, with particular reference to applicable law, risk management and risk mitigation

LO2: Investigate, critically analyse and reflect on common application, operating system and network vulnerabilities, both theoretically and practically

LO3: Apply the analytical and practical skills needed to perform, assess, and reflect on security testing with reference to appropriate methodologies and frameworks

LO4: Critically evaluate specific security problems and reflect on possible design and configuration changes to mitigate the issues identified

LO5: Reflect on, and critically evaluate, the current research into security testing, threat landscape, and vulnerability mitigation.

Indicative References and Reading List - URL:

Core - KALI LUNIX - HTTP://WWW.KALI.ORG
Core - NIST SP 800-115, TECHNICAL GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT, NIST - WWW.CSRC.NIST.GOV/PUBLICATIONS/NISTPUBS/800-115/SP800-115.PDF
Core - C. MCNAB (2008) NETWORK SECURITY ASSESSMENT: O’REILLY, 2nd ed. - ISBN: 0596510306
Recommended - HARPER (2011) GRAY HAT HACKING THE ETHICAL HACKER'S HANDBOOK: MSGRAWHILL, 3rd ed. - ISBN: 0071742557
Click here to view the LibrarySearch.