To provide learners with theoretical knowledge and practical skills in security testing and in documenting the security posture of software applications and underlying infrastructure, with particular emphasis on web technologies.
Learning Outcomes
On successful completion of this module the learner will be able to:
#
Learning Outcome Description
LO1
Appraise and exploit the most prevalent software application security vulnerabilities.
LO2
Produce documentation of activities performed during testing such that vulnerability exploitation is repeatable.
LO3
Produce and justify actionable results with information about possible remediation measures for the successfully identified vulnerabilities.
Dependencies
Module Recommendations
This is prior learning (or a practical skill) that is recommended before enrolment in this module.
No recommendations listed
Co-requisite Modules
No Co-requisite modules listed
Additional Requisite Information
No Co Requisites listed
Indicative Content
System Reconnaissance
Reconnaissance, footprinting, Google hacking, network and application scanning tools, enumeration techniques and tools.
System Hacking & Techniques
Hacking web servers, hacking web applications, OWASP (Open Web Application Security Project) Top Ten vulnerability categories, hacking wireless networks, hacking mobile platforms, vulnerability exploitation, vulnerability scanning tools, social engineering, session hijacking.
Countermeasures and Evasion
Countermeasure bypass and evasion techniques.
Documentation
Produce documentation of vulnerability analysis.
Promote and recommend appropriate protection/vulnerability mitigation measures.
Module Content & Assessment
Assessment Breakdown
%
Continuous Assessment
20.00%
Project
40.00%
End of Module Formal Examination
40.00%
Assessments
Full Time
Continuous Assessment
Assessment Type
Examination
% of Total Mark
10
Timing
Week 10
Learning Outcomes
1,3
Non-marked
No
Assessment Description
Examination on content up to week 10
Assessment Type
Examination
% of Total Mark
10
Timing
Week 4
Learning Outcomes
1,3
Non-marked
No
Assessment Description
Examination on content up to week 4
Project
Assessment Type
Project
% of Total Mark
40
Timing
Week 12
Learning Outcomes
1,2,3
Non-marked
No
Assessment Description
Project based on content covered in practicals.
No Practical
End of Module Formal Examination
Assessment Type
Formal Exam
% of Total Mark
40
Timing
End-of-Semester
Learning Outcomes
1,2,3
Non-marked
No
Assessment Description
The terminal exam will be a 3-hour written test.
Reassessment Requirement
Repeat examination
Reassessment of this module will consist of a repeat examination. It is possible that there will also be a requirement to be reassessed in a coursework element.
SETU Carlow Campus reserves the right to alter the nature and timings of assessment.
Module Workload
Workload: Full Time
Workload Type
Workload Category
Contact Type
Workload Description
Frequency
Average Weekly Learner Workload
Hours
Lecture
Contact
No Description
12 Weeks per Stage
1.00
12
Laboratory
Contact
No Description
12 Weeks per Stage
2.00
24
Independent Learning Time
Non Contact
No Description
15 Weeks per Stage
5.93
89
Total Weekly Contact Hours
3.00
Module Resources
Supplementary Book Resources
Michal Zalewski. (2012), The Tangled Web, No Starch Press, p.320, [ISBN: 1593273886].
Patrick Engebretson. (2013), The Basics of Hacking and Penetration Testing, Syngress Press, p.204, [ISBN: 9780124116443].
Justin Clarke. SQL Injection Attacks and Defense, [ISBN: 978159749245].
This module does not have any article/paper resources