This foundation forms the basis of a methodical approach to surveying and auditing systems, and prepares candidates to design secure systems, identify vulnerabilities, and defend systems against intrusion.
Pre-requisites
IYM003 Network Security and IYM004 Computer Security (or equivalent industry experience or certifications)
Topics covered
- Security testing Management and Methodology
- Network based Security Testing
- System Based Security Testing
- Web Application Security Testing
- Pen testing Lab Sessions
- Legal Aspects
- Revision
Learning outcomes
If you complete the module successfully, you should have:
- gained an understanding of common approaches and methodologies used for carrying out and managing security and penetration testing, as well as an understanding of the legal aspects involved in such audits.
- gained a detailed understanding of some typical network protocols, relevant computer system architectures, and web application systems.
- gained an understanding of the vulnerabilities in some existing protocols, systems, and applications, and some common forms of attack; in addition, an understanding of the security technologies designed to mitigate these vulnerabilities.
- gained practical experience of how these vulnerabilities may be exploited in practice to penetrate a system.
Assessment
This module is assessed by a two-hour unseen written examination.
Essential reading
- Professional Penetration Testing, 2nd Edition, Syngress, 2013. (T.Wilhelm)
- Hacking Exposed 7: Network Security Secrets and Solutions. McGraw‐Hill, 2012. (S.McCLure et al.)