Security testing: theory and practice


This module provides the foundation and theoretical underpinning needed to understand how IT systems can be attacked and penetrated by circumventing security or exploiting vulnerabilities in the system.

This foundation forms the basis of a methodical approach to surveying and auditing systems, and prepares candidates to design secure systems, identify vulnerabilities, and defend systems against intrusion.


IYM003 Network Security and IYM004 Computer Security (or equivalent industry experience or certifications)

Topics covered

  • Security Testing Management and Methodology
  • Network-Based Security Testing
  • System-Based Security Testing
  • Web Application Security Testing
  • Pen Testing Lab Sessions
  • Legal Aspects
  • Revision

Learning outcomes

If you complete the module successfully, you should have:

  • gained an understanding of common approaches and methodologies used for carrying out and managing security and penetration testing, as well as an understanding of the legal aspects involved in such audits.
  • gained a detailed understanding of some typical network protocols, relevant computer system architectures, and web application systems.
  • gained an understanding of the vulnerabilities in some existing protocols, systems, and applications, and some common forms of attack; in addition, an understanding of the security technologies designed to mitigate these vulnerabilities.
  • gained practical experience of how these vulnerabilities may be exploited in practice to penetrate a system.


This module is assessed by a two-hour unseen written examination.

Essential reading

  • Professional Penetration Testing, 2nd Edition, Syngress, 2013. (T. Wilhelm)
  • Hacking Exposed 7: Network Security Secrets and Solutions. McGraw‐Hill, 2012. (S. McClure et al.)