ITE535 Pen Testing (8)

A penetration test, colloquially known as a pen test, is an authorised simulated cyber attack on a computer system, performed to evaluate the security of the system. During this subject, students will learn how to use penetration testing to gain an understanding of the security posture of IT environments and then highlight short- and long-term recommendations for increasing security. Students will then develop a comprehensive report detailing the findings of a penetration test and what steps the organisation needs to take to reduce their cyber security risk profile. The subject also provides hands-on activities for students to practice their penetration testing skills by engaging in a practical exercise in which they hack into a controlled lab environment.

Availability

Session 3 (90)
Online
Wagga Wagga Campus

Continuing students should consult the SAL for current offering details: ITE535. Where differences exist between the Handbook and the SAL, the SAL should be taken as containing the correct subject offering details.

Subject Information

Grading System

HD/FL

Duration

One session

School

School of Computing, Mathematics and Engineering

Enrolment Restrictions

Only available to students enrolled in IT Masters relevant courses.

Learning Outcomes

Upon successful completion of this subject, students should:
  • be able to identify the vulnerabilities of systems and allocate priority to activities needed to improve security and securing infrastructure;
  • be able to validate and exploit common vulnerabilities located in the attack surface of systems and applications;
  • be able to determine the plausibility of a particular set of attack vectors;
  • be able to advise on how organisations can meet cyber security compliance requirements;
  • be able to assess and report on the potential impact of cyber security breaches on a company; and
  • be able to develop a detailed penetration testing report at a professional level suitable for a company executive audience.

Syllabus

This subject will cover the following topics:
  • Scoping a penetration test
  • Putting together a penetration testing platform
  • Risk Management Basics
  • Scanning the network
  • Compliance
  • Customer engagement
  • Service and account enumeration
  • Social engineering
  • Vulnerability scanning
  • Web application exploits
  • Privilege escalation
  • Wireless attacks
  • The penetration test report

Indicative Assessment

The following table summarises the assessment tasks for the online offering of ITE535 in Session 3 2021. Please note this is a guide only. Assessment tasks are regularly updated and can also differ to suit the mode of study (online or on campus).

Item Number
Title
Value %
1
Attack platform & challenge virtual machines (i)
15
2
Attack platform & challenge virtual machines (ii)
15
3
Penetration test report
30
4
Final exam
40

The information contained in the CSU Handbook was accurate at the date of publication: May 2022. The University reserves the right to vary the information at any time without notice.

Back