Penetration Testing

Master's programme(s):
Course code(s):

DSC04

Instructors:
Course type:

Compulsory

Semester:

2

Learning outcomes:

On completing the course, the student will be able to:

  • Familiarize with the essential terminology of the Cybersecurity domain
  • Identify and being capable of performing research on the threats, vulnerabilities, exploits and risks that pertain to the cybersecurity domain
  • Understand the methodology of penetration testing and apply it ensure greater levels of protection of information systems
  • Develop new and improve existing technical skills
General competences:
  • Scan information systems for identifying security vulnerabilities
  • Perform open-source research to find vulnerabilities and exploits of information systems
  • Select and use the appropriate tools for performing penetration tests and evaluating the relevant countermeasures for enhancing the security posture of information systems
  • Decision Making
  • Teamwork
  • Production of free, creative, and inductive thinking
Syllabus:

The course introduces fundamental concepts and tools of Penetration Testing.

The student learns the essential background of information security and carefully moves to the methodologies used by adversaries to identify and exploit vulnerabilities of information systems. This in turns shifts him/her into proactively thinking on how to apply information security measures to protect information systems before they are being successfully taken over.

The student learns from a linear penetration testing approach, which includes the following topics

  • Introduction to information security and essential terminology
  • Introduction to Linux Operating Systems and Bash Scripting
  • Performing passive reconnaissance
  • Performing active reconnaissance
  • Applying network scanning and fingerprinting
  • Identifying vulnerabilities on systems and services
  • Using open-source tools for researching, finding, and elaborating exploits to identified vulnerabilities
  • Employing techniques for exploiting identified vulnerabilities
  • Implementing post-exploitation and lateral movement
Full course outline (PDF):