IY3D607 - Security Operations & Penetration Testing 01 Jul 2022 - 31 Aug 2028 | Version 1
Associated Module Information
| Module Code: | IY3D607 | ||
|---|---|---|---|
| Module Title: | Security Operations & Penetration Testing | ||
| Faculty: | Faculty of Computing, Engineering and Science | ||
| Faculty Group: | Computing and Mathematics | ||
| Faculty Sub Group: | Cyber Security | ||
| Module Leader: | Joshua Richards | ||
| Module Team: | Sharan Johnstone, Rachael Medhurst, Emma Derbi, Andrew Bellamy, Beth Jenkins, Madhu Khurana, Peter Eden, Richard Ward, Arun Kumar, Nisha Rawindaran, Mamoun Qasem, Laura Ferguson | ||
| First Intended Intake: | SEP 2022 | Final Year of Intake: | |
| Date Closed: | |||
| Credit Value: | 40 | Credit Level: | 6 |
| Language: | English | ||
| Percentage of Module Taught in Welsh: | 0 | ||
| Equivalent Module: | |||
| HECOS codes: | 100376 - computer and information security | ||
| HECOS Code Weighting: | 100 | ||
Document Version Information
| Version | 1 |
|---|---|
| Valid From | 01 Jul 2022 |
| Valid To | 31 Aug 2028 |
Module Aims
To provide theory and detailed technical knowledge of the advanced tools and techniques associated with red team and blue team penetration testing.
Content Summary
Penetration Testing Guidance and Methodologies.
Red Team Pen Testing: (Attack)
Information Gathering.
Target Discovery and Enumeration.
Vulnerability Mapping.
Vulnerability Exploitation.
Target Exploit Delivery
Exploitation Techniques.
Web Application Security Vulnerabilities
Web Application Security hardening.
Blue Team Pen Testing: (Defense)-
Security Operations Centre (SOC):-
Mitigating Exploitation of vulnerabilities
Advanced Persistent Threats.
Investigation of logs and Alerts.
Detection and Malware analysis (Static/Dynamic Analysis).
Reverse Engineering Introduction.
Intrusion Detection
Data Exfiltration Detection
Network package Capturing and analysis in Wireshark.
Learning and Teaching Methods
| Activity Type | Hours |
|---|---|
| Lecture | 20 |
| Seminar | 10 |
| Tutorial | 20 |
| Practical classes and workshops | 48 |
| Independent Study | 130 |
| Directed Study | 102 |
| Formative Assessment - Scheduled | 2 |
| Groupwork | 14 |
| Interdisciplinary work | 14 |
| Problem / challenge based learning | 40 |
| Total Hours Selected | 400 |
Learning Outcomes
| # | Learning Outcome |
|---|---|
| LO1 | Critically valuate the requirements of the delivery of a penetration testing service (e.g., blue team/red team). |
| LO2 | Manage the creation and delivery of a penetration testing service. |
Module Requisites
N/A
Assessment Criteria
| Assessment Category | Assessment Type | Description | Duration | Word Count | Weight (%) | Best of? | Pass Mark |
|---|---|---|---|---|---|---|---|
| Asynchronous Assessment | Practical Written Work 2 | Manage the creation and delivery of a penetration testing service. | 0 | 4000 | 50 | No | 40 |
| Asynchronous Assessment | Practical Written Work 1 | Manage the creation and delivery of a penetration testing service. | 0 | 4000 | 50 | No | 40 |
Assessment Matrix
| Assessment Type | Learning Outcomes | ||
|---|---|---|---|
| LO1 | LO2 | ||
| Practical Written Work 2 | ✔ | ✔ | |
| Practical Written Work 1 | ✔ | ✔ | |