This course includes a study of theoretical and practical aspects of network and web application penetration testing. Students are able to evaluate the security of a network or system's infrastructure and outline how hackers find and attempt to exploit any vulnerabilities. Included in the course are in-depth details on ethical hacking, including reconnaissance, vulnerability assessment, exploitation, maintaining access and covering tracks. Current tools and methodologies are stressed.
Upon completion of the course, students are expected to be able to do the following:
- Explain the regulatory/legal requirements and rationale for penetration testing.
- Interpret and differentiate cyber threats and exploits in a penetration testing context.
- Distinguish key phases of ethical hacking: reconnaissance, scanning, gaining access, maintaining access, and covering the tracks.
- Perform protocol analysis using packet captures and analysis data using a network sniffer.
- Investigate and uncover network devices, operating systems, and services.
- Discover network security issues using an intrusion detection tool.
- Leverage penetration testing applications to recognize information targets across operating systems and services.
- Implement scripts and tools to assist in penetration testing.
- Deploy and test exploits targeting operating systems and services.
- Identify and exploit various vulnerabilities in web applications.