Module Details

Module Code: SYST
Module Title: Penetration Testing
Title: Penetration Testing
Module Level: 7
Credits: 5
Module Coordinator: Nigel Whyte
Module Author: Richard Butler
Domains:  
Module Description: To provide learners with theoretical knowledge and practical skills in security testing and in documenting the security posture of software applications and underlying infrastructure, with particular emphasis on web technologies.
 
Learning Outcomes
On successful completion of this module the learner will be able to:
# Learning Outcome Description
LO1 Appraise and exploit the most prevalent software application security vulnerabilities.
LO2 Produce documentation of activities performed during testing such that vulnerability exploitation is repeatable.
LO3 Produce and justify actionable results with information about possible remediation measures for the successfully identified vulnerabilities.
Dependencies
Module Recommendations

This is prior learning (or a practical skill) that is recommended before enrolment in this module.

No recommendations listed
Co-requisite Modules
No Co-requisite modules listed
Additional Requisite Information
No Co Requisites listed
 
Indicative Content
System Reconnaissance
Reconnaissance, footprinting, Google hacking, network and application scanning tools, enumeration techniques and tools.
System Hacking & Techniques
Hacking web servers, hacking web applications, OWASP (Open Web Application Security Project) top ten vulnerability categories, hacking wireless networks, hacking mobile platforms, vulnerability exploitation, vulnerability scanning tools, social engineering, session hijacking.
Countermeasures and Evasion
Countermeasure bypass and evasion techniques.
Documentation
Produce documentation of vulnerability analysis. Promote and recommend appropriate protection/vulnerability mitigation measures.
Module Content & Assessment
Assessment Breakdown (%)
Continuous Assessment: 20.00%
Project: 40.00%
End of Module Formal Examination: 40.00%

Assessments

Full Time

Continuous Assessment
Assessment Type: Examination
% of Total Mark: 10
Timing: Week 10
Learning Outcomes: 1,3
Non-marked: No
Assessment Description: Examination on content up to week 10

Assessment Type: Examination
% of Total Mark: 10
Timing: Week 4
Learning Outcomes: 1,3
Non-marked: No
Assessment Description: Examination on content up to week 4
Project
Assessment Type: Project
% of Total Mark: 40
Timing: Week 12
Learning Outcomes: 1,2,3
Non-marked: No
Assessment Description: Project based on content covered in practicals.
No Practical
End of Module Formal Examination
Assessment Type: Formal Exam
% of Total Mark: 40
Timing: End-of-Semester
Learning Outcomes: 1,2,3
Non-marked: No
Assessment Description: The terminal exam will be a 3-hour written test.
Reassessment Requirement
Repeat examination
Reassessment of this module will consist of a repeat examination. It is possible that there will also be a requirement to be reassessed in a coursework element.

SETU Carlow Campus reserves the right to alter the nature and timings of assessment

 

Module Workload

Workload: Full Time
Workload Type | Workload Category | Contact Type | Workload Description | Frequency | Average Weekly Learner Workload | Hours
Lecture | Contact | | No Description | 12 Weeks per Stage | 1.00 | 12
Laboratory | Contact | | No Description | 12 Weeks per Stage | 2.00 | 24
Independent Learning Time | Non Contact | | No Description | 15 Weeks per Stage | 5.93 | 89
Total Weekly Contact Hours: 3.00
 
Module Resources
Supplementary Book Resources
  • Michal Zalewski. (2012), The Tangled Web, No Starch Press, p.320, [ISBN: 1593273886].
  • Patrick Engebretson. (2013), The Basics of Hacking and Penetration Testing, Syngress Press, p.204, [ISBN: 9780124116443].
  • Justin Clarke. SQL Injection Attacks and Defense, [ISBN: 978159749245].
This module does not have any article/paper resources
This module does not have any other resources
Discussion Note: