ECCU 506: Conducting Penetration and Security Tests

Anyone connected to the internet or uses mobile devices in their daily lives is vulnerable to compromise by the “bad Guys”. Looking at how others might take advantage of these vulnerabilities and fixing them is perhaps the best way to mitigate these dangers. Constant testing of network systems is a necessary process in todays interconnected society, and understanding these methodologies is an important piece of this puzzle we are constructing.

Purpose of Class:

This course focuses on the mastery of the international standard for penetration testing. Topics include customers and legal agreements, penetration testing planning and scheduling, information gathering, external and internal network penetration testing, router penetration testing, firewalls penetration testing, intrusion detection system penetration testing, wireless networks penetration testing; password cracking penetration testing, social engineering penetration testing, PDA and cell phone penetration testing, and penetration testing report and documentation writing.

Course Learning Outcomes:

Students who successfully complete this class will be able to:

  1. Examine various penetration testing mechanisms, and choose suitable set of tests that balance cost and benefits.
  2. Use the penetration testing techniques that perform the intensive assessments required to effectively identify and mitigate risks to the security of your infrastructure.
  3. Demonstrate the compliance of the information system (BS7799, HIPAA etc) and adopt best practices by conforming to legal and industry regulations.
  4. Employ various network security devices, test for vulnerabilities and analyze the reports.
  5. Identify vulnerabilities that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack.
  6. Perform internal and external penetration test audits on network infrastructure components and analyze the result.
  7. Analyze the techniques involved in gathering sensitive information and choose the best way to find the target company’s’ information.
  8. Discover any unauthorized access points and check for any services running on the wireless network.
  9. Examine various password cracking techniques, analyze the sensitive information and predict the implications.
  10. Develop the post penetration testing actions, analyze the results and present the findings clearly in the final report.

Related Courses

Course name Department Semester
ECCU 518: Special Topics: Introduction to Cloud Computing Master of Science in Cyber Security
ECCU 517: Cyber Law Master of Science in Cyber Security
ECCU 516: The Hacker Mind: Profiling the IT Criminal Master of Science in Cyber Security