course-details-portlet

IMT3491

Ethical Hacking and Penetration Testing

Credits 5
Level Third-year courses, level III
Course start Autumn 2016
Duration 1 semester
Language of instruction English
Examination arrangement Written exam and Project work

About

About the course

Course content

Ethical hacking and penetration testing - definitions

Penetration testing methodologies

Hands-on penetration testing

Learning outcome

Knowledge: 

Explain how a penetration test is planned, executed, documented and terminated.

Account for vulnerabilities in general and common services running on internal and external servers for a generic company.

Predict client side vulnerabilities and use the new methods for security breaches that may occur here.

Skills:

Master the most common hacking and penetration testing tools and apply these tools to perform simple penetration testing tasks.

Carry out structured and effective search for security issues in computer systems and computer networks.

Construct  effective penetration tests given existing threats towards software, networks, and network services.

Use and abuse access to one system in order to gather more information about the networks and services used by this system.

General competence:

Awareness of vulnerabilities in software both at server and client side, with an extra focus on network applications.

Sensitivity for potential vulnerabilities in the computer systems and networks of a generic company, and ability to make an analysis of potential threats based on a network description.

Overview of a wide set of tools for testing and accessing systems and networks.

Learning methods and activities

Forelesninger|Lab.øvelser|Prosjektarbeid

Obligatoriske arbeidskrav:

2 (two) approved exercises.

Compulsory assignments

  • Approved exercises

Further on evaluation

Utfyllende om kontinuasjon:

No re-sit examination - projects and exam are closely connected and related

New project(s) and new exam(s) at next course dates

Vurderingsformer:

 Written OR digital exam (50%), depending on the number of students the exam might be oral

 Project work (50%)

 Both parts must be passed

Specific conditions

Admission to a programme of study is required:
Drift av nettverk og datasystemer (BDR)
Informasjonssikkerhet (BIS)
Information Security (MIS)
Information Security (MISD)

Required previous knowledge

IMT2282 Operating systems

Course materials



Thomas Wilhelm (2013). Professional Penetration Testing, Second Edition: Creating and Learning in a Hacking Lab 2nd Edition.

Georgia Weidman (2014). Penetration Testing: A Hands-On Introduction to Hacking 1st Edition

Additional materials

Lee Allen (2012). Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide.

Credit reductions

Course code Reduction From
IMT3004 3.7 sp
This course has academic overlap with the course in the table above. If you take overlapping courses, you will receive a credit reduction in the course where you have the lowest grade. If the grades are the same, the reduction will be applied to the course completed most recently.

Subject areas

  • Information Security

Contact information

Course coordinator

  • Basel Katt

Department with academic responsibility

Department of Information Security and Communication Technology

Examination

Examination

Examination arrangement: Written exam and Project work
Grade: Letters

Ordinary examination - Autumn 2016

Projectwork
Weighting 1/2 Date Submission 2016-11-11
Written exam
Weighting 1/2 Date 2016-11-30 Time 09:00 Duration 2 timer Place and room Not specified yet.

All about examinations at NTNU