IY2S504 - Team Project Pen Testing 01 Sep 2022 - 31 Aug 2028 | Version 3
Associated Module Information
| Module Code: | IY2S504 | ||
|---|---|---|---|
| Module Title: | Team Project Pen Testing | ||
| Faculty: | Faculty of Computing, Engineering and Science | ||
| Faculty Group: | Cyber Security | ||
| Faculty Sub Group: | Cyber Security | ||
| Module Leader: | Peter Eden | ||
| Module Team: | Andrew Bellamy, Sharan Johnstone, Christopher Tubb, Christopher Manley, Madhu Khurana, Emma Derbi, Joshua Richards, Richard Ward, Beth Jenkins, Arun Kumar, Rachael Medhurst, Nisha Rawindaran, Mamoun Qasem, Chelsea Cooper | ||
| First Intended Intake: | NOV 2015 | Final Year of Intake: | |
| Date Closed: | |||
| Credit Value: | 20 | Credit Level: | 5 |
| Language: | English | ||
| Percentage of Module Taught in Welsh: | 0 | ||
| Equivalent Module: | |||
| HECOS codes: | 100376 - computer and information security | ||
| HECOS Code Weighting: | 100 | ||
Document Version Information
| Version | 3 |
|---|---|
| Valid From | 01 Sep 2022 |
| Valid To | 31 Aug 2028 |
Module Aims
To develop the students' ability to create and deliver a penetration testing service within a team environment.
Content Summary
Risk Management and Governance:
Understanding requirements
- Defining the Scope of the Test
- Legal issues and requirements
- Managing risk
- Testing methodology and platform
risk assessment and management principles
elements of risk
- vulnerability
- threat
- likelihood
- impact
Ethics
- obligations owed to a client
- codes of conduct
- vulnerability testing
Technical Assessment
Technology and vulnerabilities
Assessing network and application design
- Network protocols and vulnerability
Security Testing
- Network and service Enumeration
- Common network attacks
- Man-in-the-middle
- Packet sniffing
- Identification and proof of issues
- Classifying risk
- Remediation
Management presentation of results
Technical presentation of results
Web Security:
server side vulnerabilities and mitigations
- injection vulnerabilities
SQL-injection
- blind attacks
- prepared statements
local file inclusion
cross-site scripting (XSS)
- stored XSS attacks
- reflected XSS attacks
Software Security:
categories of vulnerabilities
- CVEs and CWEs
- structured output generation vulnerabilities
Learning and Teaching Methods
| Activity Type | Hours |
|---|---|
| Lecture | 24 |
| Practical classes and workshops | 24 |
| Independent Study | 80 |
| Directed Study | 72 |
| Total Hours Selected | 200 |
Learning Outcomes
| # | Learning Outcome |
|---|---|
| LO1 | To work as part of a group in the delivery of a penetration testing service. |
| LO2 | To manage the creation and delivery of a penetration testing service. |
Module Requisites
N/A
Assessment Criteria
| Assessment Category | Assessment Type | Description | Duration | Word Count | Weight (%) | Best of? | Pass Mark |
|---|---|---|---|---|---|---|---|
| Asynchronous Assessment | Portfolio 1 | To develop a full Penetration Testing Service | 0 | 4000 | 100 | No | 40 |
Assessment Matrix
| Assessment Type | LO1 | LO2 |
|---|---|---|
| Portfolio 1 | ✔ | ✔ |