Course specification for CSC8101

The current and official versions of the course specifications are available on the web at .
Please consult the web for updates that may occur during the year.

CSC8101 Penetration Testing

Semester 1, 2020 On-campus Toowoomba
Short Description: Penetration Testing
Units : 1
Faculty or Section : Faculty of Health, Engineering and Sciences
School or Department : School of Sciences
Student contribution band : Band 2
ASCED code : 020300 - Information Systems
Grading basis : Graded

Staffing

Examiner:

Requisites

Pre-requisite: CSC8100

Rationale

Penetration testing or ethical hacking involves testing computer systems, networks or web applications for security vulnerabilities which a hacker could potentially exploit. This course provides students with the skills to perform penetration testing to determine whether a system is vulnerable and to suggest countermeasures to the system owner.

Synopsis

This course provides students with practical experience attempting to break into computer systems for the purpose of stress testing and discovering weaknesses. Students will be using a list of exploits which they are expected to successfully exercise on a series of target systems provided.

Objectives

On successful completion of this course students should be able to:

  1. Use high-level knowledge of the current vulnerabilities of computer systems and networks including the exploitation of system weaknesses when designing and implementing well secured systems.
  2. Develop, apply and analyse scripts and tools used in penetration testing of computer systems.
  3. Successfully undertake remote penetration testing to identify system strengths and weaknesses.
  4. Identify, exploit, and report vulnerabilities to protect computing systems.
  5. Design and apply creative problem-solving techniques, based on evidence collected from penetration tests, to minimise the risk of being hacked.
  6. Understand and relate legal and ethical issues with penetration testing.

Topics

Description | Weighting (%)
1. Analyse the more important vulnerabilities of computer and web systems. | 20.00
2. Compare and evaluate tools used in ethical hacking of computer and web systems. | 20.00
3. Prepare payload scripts for exploiting vulnerabilities. | 10.00
4. Explore various penetration testing standards and synthesize the standards into a single four-phase approach to penetration testing. | 20.00
5. Create and evaluate a security audit report with evaluations, recommendations and remediation steps to correct the problems found. | 20.00
6. Relate legal and ethical issues with penetration testing. | 10.00

Text and materials required to be purchased or accessed

ALL textbooks and materials available to be purchased can be sourced from (unless otherwise stated). (https://omnia.usq.edu.au/textbooks/?year=2020&sem=01&subject1=CSC8101)

Please for alternative purchase options from USQ Bookshop. (https://omnia.usq.edu.au/info/contact/)

Easttom, Chuck 2018, Penetration Testing Fundamentals – A Hands-On Guide to Reliable Security Audits.
(ISBN-13: 978-0-7897-5937-5 ISBN-10: 0-7897-5937-3.)

Reference materials

Reference materials are materials that, if accessed by students, may improve their knowledge and understanding of the material in the course and enrich their learning experience.

Student workload expectations

Activity | Hours
Assessments | 55.00
Lectures | 26.00
Practical Classes | 39.00
Private Study | 45.00

Assessment details

Description | Marks out of | Wtg (%) | Due Date | Objectives Assessed | Notes
Assignment 1 - Hacking | 100 | 30 | 26 Mar 2020 | 1,2,6 | (see note 1)
Assignment 2 - Tools & Report | 100 | 40 | 28 May 2020 | 1,2,3,4,5 | (see note 2)
Assignment 3 - Review | 100 | 30 | 01 Jun 2020 | 1,2,3,4,5 | (see note 3)

Notes
  1. Investigate tools for use in penetration testing, including using the tools for some testing, and prepare a report comparing their features and ease of use. Students will also compare and evaluate the legal issues of hacking in Australia and in other parts of the world.
  2. Use one or more tools to undertake penetration testing of a target system, according to a supplied guide, and prepare a report listing the vulnerabilities discovered.
  3. Present and peer review the Security Audit Reports via video conference facilities during the lecture time and/or tutorial time of the last teaching week.

Important assessment information

  1. Attendance requirements:
    It is the students' responsibility to attend and participate appropriately in all activities scheduled for them, and to study all material provided to them or required to be accessed by them, to maximise their chance of meeting the objectives of the course and to be informed of course-related activities and administration.

  2. Requirements for students to complete each assessment item satisfactorily:
    To satisfactorily complete an individual assessment item a student must achieve at least 50% of the marks for that item.

  3. Penalties for late submission of required work:
    Students should refer to the Assessment Procedure (point 4.2.4).

  4. Requirements for student to be awarded a passing grade in the course:
    To be assured of receiving a passing grade a student must obtain at least 50% of the total weighted marks available for the course (i.e. the Primary Hurdle).

  5. Method used to combine assessment results to attain final grade:
    The final grades for students will be assigned on the basis of the aggregate of the weighted marks obtained for each of the summative items for the course.

  6. Examination information:
    RESTRICTED: Candidates are allowed access only to specific materials during a Restricted Examination. The only materials that candidates may use in the restricted examination for this course are:
    • writing materials (non-electronic and free from material which could give the student an unfair advantage in the examination);
    • calculators which cannot hold textual information;
    • Students whose first language is not English may take an appropriate unmarked non-electronic translation dictionary (but not technical dictionary) into the examination.
    • Dictionaries with any handwritten notes will not be permitted. Translation dictionaries will be subject to perusal and may be removed from the candidate’s possession until appropriate disciplinary action is completed if found to contain material that could give the candidate an unfair advantage.

  7. Examination period when Deferred/Supplementary examinations will be held:
    Any Deferred or Supplementary examinations for this course will be held during the next examination period.

  8. University Student Policies:
    Students should read the USQ policies: Definitions, Assessment and Student Academic Misconduct to avoid actions which might contravene University policies and practices. These policies can be found at .

Assessment notes

  1. Referencing in assignments must comply with the Harvard (AGPS) referencing system. This system should be used by students to format details of the information sources they have cited in their work. The Harvard (AGPS) style to be used is defined by the USQ library’s referencing guide. This guide can be found at .

Date printed 19 June 2020