Course Brief

This module provides students with knowledge and hands-on experience on penetration testing, which is an authorised simulated attack performed on a computer system or environment to evaluate its security.
It will enable students to critically appraise security assessment technical boundaries, compliance and legislative requirements before and after an engagement. Following this, students will be able to plan, scope and conduct penetration testing assessments using industry-recognised, current testing tools and techniques on IT environments and devices of any type and architecture, both local and cloud-based.
It will allow students to appraise the impact of common vulnerabilities, critically evaluate and report their engagement findings following industry reporting requirements, for example the inclusion of CVSS scores or use of CHECK severity levels.
Students will be able to explain threat implications and give recommendations for remedial action based on guidelines found in recognised international standards and frameworks such as NIST, CIS, OWASP, and MITRE ATT&CK®.
The module is aligned with the CREST "CRT" syllabus, which is a widely accepted professional certification for penetration testers. The module will be useful for students wishing to pursue a career in penetration testing, as an IT security consultant, as an IR/SOC/SIEM team member, or for anyone who wishes to understand the role of penetration testing in computer security.


On successful completion of this module a student will be able to:
1. Validate and reflect on penetration testing technical boundaries, compliance and legislative requirements and the approaches and methodologies used before, during and after a penetration testing assessment.
2. Critically appraise and exploit the common vulnerabilities in protocols, systems, services and applications using appropriate penetration testing tools and recognised international standards and frameworks for a given scenario.
3. Critically discuss and implement a testing strategy to audit, identify, analyse, and recommend ways to rectify or mitigate vulnerabilities in an organisation’s network.

Theoretical and practical aspects of systems vulnerabilities and how they can be exploited using tools such as Nmap, Burp Suite, Metasploit, SQLmap, OWASP ZAP, and Kali Linux. Compliance with standards and legislative requirements that the testing plan must meet, and appraisal of specific time constraints on testing or reporting that a penetration tester will need to consider when allocating resources. Information gathering, network mapping and target identification. Security tool configuration and optimisation.
Assessment of unchecked input, buffer overflows and shellcode, APIs and local and remote services, cloud computing (AWS/Azure), IoT, Web applications, front end and backend services, common infrastructure and non-standard devices, configuration review and OS build standard review (CIS). Discussion of impact and weaponization of malware (viruses, worms and trojans), attacking design and implementation flaws, misconfiguration, techniques for firewall avoidance, packet crafting and address spoofing.
Network device security and secure configuration: routers and firewall rule review, management protocols, VoIP, VPN, wireless security and attacking variants of 802.11, IoT testing, industrial control device testing. Unix security, Windows security. OWASP Web application security and web application testing, mobile application device security and testing. Database security and database security testing. System auditing and system security testing strategies. Functional testing of security controls (positive / negative).
Reporting using CVSS scores and CHECK severity levels.

Coursework: 100%
Pass mark: 50%
Learning Outcomes: All.
3000 words.
A practical coursework for pen testing.

Nature of FORMATIVE assessment supporting student learning:
Formative feedback in the lectures, tutorials, lab exercises and group discussions.

  • MSc Computer Forensics & Cyber Security

    The MSc Computer Forensics & Cyber Security, awarded by the University of Greenwich, is structured to provide a viable option to graduates of:

    • An honours degree 2:2 or above in computing or computing science or a suitable numerate subject (e.g. mathematics, physics, engineering, information systems or multimedia) that includes software development experience.
    • University of Greenwich's BSc (Hons) Computing and Information System with Upper Second Class Honours or above 
    • Mature applicants who demonstrate academic potential and work experience can also be assessed for eligibility.
    • Applicants with a similar level qualification may also be eligible. For more information, email us at [email protected]

    Students on the MSc Computer Forensics & Cyber Security will learn a wide range of practical and theoretical skills which will develop a sound knowledge of cyber security and its application in real life situations.

    Our Computer Forensics and Cyber Security course allows students to familiarise themselves with the most recent technologies, scientific innovations and best practice in protecting digital infrastructures, from enterprise networks to Internet of Things environments. Students are also trained on modern tools and methodologies for conducting digital forensics investigations, spanning the whole range from the collection of evidence to analysis and acting as expert witnesses.

    This course is suitable for both newcomers to computer security and computer forensics and practitioners who wish to further their skills. It covers practical skills for network security, penetration testing and digital forensics, as well as the theory and scientific basis that underpins everyday practice. It also ensures that students have a basic understanding of the legal and regulatory requirements and the standards pertaining to computer security.

    Enrol by December 16, 2024, to receive a 10% discount.

    SBCS GLI alumni (degree graduates) will receive a 5% discount.
    Students paying in full will receive a 5% discount.

    Highlights at a glance

    • This programme is offered blended/online - part-time and comprises four (4) semesters
    • Total duration - 2 years (Part Time)
    • All material provided digitally
    • Blended approach to learning with a combination of self study, online sessions and workshops

    Programme Content at a glance

    • Modern methods and techniques for cyber security, including penetration testing and IT auditing.
    • Throughout this course you will study cyber security and digital forensics, system administration and security.
    • You will learn how to apply police and forensic methods to detecting cyber crime, using related software and hardware technologies.
    • This course includes hands-on training in current forensic tools as used by the police. Students can therefore contribute quickly to the well-being of corporate IT and informational assets.
    • University of Greenwich is an academic partner with The Council for Registered Ethical Security Testers (CREST) and with the Chartered Institute of Information Security (CIISec).
    • The degree is provisionally certified by the National Cyber Security Centre (NCSC), a part of GCHQ.

    At SBCS we focus on