IY3D607 - Security Operations & Penetration Testing   01 Jul 2022 - 31 Aug 2028 | Version 1

Associated Module Information

Module Code: IY3D607
Module Title: Security Operations & Penetration Testing  
Faculty: Faculty of Computing, Engineering and Science
Faculty Group: Computing and Mathematics
Faculty Sub Group: Cyber Security
Module Leader: Joshua Richards
Module Team: Sharan Johnstone, Rachael Medhurst, Emma Derbi, Andrew Bellamy, Beth Jenkins, Madhu Khurana, Peter Eden, Richard Ward, Arun Kumar, Nisha Rawindaran, Mamoun Qasem, Laura Ferguson
First Intended Intake: SEP 2022
Final Year of Intake:
Date Closed:
Credit Value: 40
Credit Level: 6
Language: English
Percentage of Module Taught in Welsh: 0
Equivalent Module:
HECOS codes: 100376 - computer and information security
HECOS Code Weighting: 100

Document Version Information

Version 1
Valid From 01 Jul 2022
Valid To 31 Aug 2028

Module Aims

To provide theory and detailed technical knowledge of the advanced tools and techniques associated with red team and blue team penetration testing.

Content Summary

Penetration Testing Guidance and Methodologies.


Red Team Pen Testing: (Attack)

  • Information Gathering.

  • Target Discovery and Enumeration.

  • Vulnerability Mapping.

  • Vulnerability Exploitation.

  • Target Exploit Delivery

  • Exploitation Techniques.

  • Web Application Security Vulnerabilities

  • Web Application Security hardening.

Blue Team Pen Testing: (Defense)
Security Operations Centre (SOC):

  • Mitigating Exploitation of vulnerabilities

  • Advanced Persistent Threats.

  • Investigation of logs and Alerts.

  • Detection and Malware analysis (Static/Dynamic Analysis).

  • Reverse Engineering Introduction.

  • Intrusion Detection

  • Data Exfiltration Detection

  • Network packet capturing and analysis in Wireshark.

Learning and Teaching Methods

Activity Type Hours
Lecture 20
Seminar 10
Tutorial 20
Practical classes and workshops 48
Independent Study 130
Directed Study 102
Formative Assessment - Scheduled 2
Groupwork 14
Interdisciplinary work 14
Problem / challenge based learning 40
Total Hours Selected 400

Learning Outcomes

# Learning Outcome
LO1 Critically evaluate the requirements of the delivery of a penetration testing service (e.g., blue team/red team).
LO2 Manage the creation and delivery of a penetration testing service.

Module Requisites

N/A

Assessment Criteria

Assessment Category | Assessment Type | Description | Duration | Word Count | Weight (%) | Best of? | Pass Mark
Asynchronous Assessment | Practical Written Work 2 | Manage the creation and delivery of a penetration testing service. | 0 | 4000 | 50 | No | 40
Asynchronous Assessment | Practical Written Work 1 | Manage the creation and delivery of a penetration testing service. | 0 | 4000 | 50 | No | 40

Assessment Matrix

Assessment Type Learning Outcomes
LO1 LO2
Practical Written Work 2
Practical Written Work 1

Reading List

https://rl.talis.com/3/southwales/lists/7D542A2A-32EC-AB41-93B1-E7A039D49789.html?lang=en&login=1

Essential Reading:

Blokdyk, G. (2020) Cyber Security Red Team A Complete Guide. 5STARCooks.

Bramwell, P. (2018) Hands-On Penetration Testing on Windows, 1st Edition. Packt Publishing.

Jarpet, G. et al. (2017) Security operations center guidebook: a practical guide for a successful SOC. Elsevier, Science Direct.

Tanner, N. (2019) Cybersecurity blue team toolkit. Indianapolis, Indiana: Wiley.

Recommended Reading:

Demertzis, K. et al. (2021) The Next Generation Cognitive Security Operations Center: Network Flow Forensics Using Cybersecurity Intelligence, ProQuest Central UK/Ireland. Publicly Available Content Database in Big data and cognitive computing, Article. Academia.edu.

Thomas, E. (2018) Security Operations Center - Siem Use Cases and Cyber Threat Intelligence. Arun Thomas Publishing.