Syllabus - Penetration Testing and Vulnerability Analysis (CY-702 (A))


CSE-Cyber Security

Penetration Testing and Vulnerability Analysis (CY-702 (A))

VII-Semester

UNIT 1

Introduction to penetration testing, Legal and ethical considerations, Types of penetration testing, Penetration testing methodologies.

Information Gathering and Scanning: Footprinting and reconnaissance techniques, Network scanning and enumeration, OSINT (Open-source intelligence) gathering, Vulnerability scanning tools.

UNIT 2

Exploitation and Post-Exploitation: Exploiting system and network vulnerabilities, Privilege escalation techniques, Post-exploitation activities, Maintaining access and pivoting.

Web Application Security: Introduction to web application security, Common web application vulnerabilities, Web application penetration testing methodologies, Web vulnerability scanners and tools.

UNIT 3

Wireless Network Security: Wireless network security concepts, Wi-Fi vulnerabilities and attacks, Wireless penetration testing techniques, Securing wireless networks.

Social Engineering and Physical Security: Introduction to social engineering, Techniques and tactics of social engineering, Physical security vulnerabilities and testing, Mitigating social engineering and physical security risks.

UNIT 4

Cryptography and Secure Communications: Basics of cryptography, Cryptographic algorithms and protocols, Encryption, decryption, and key management, Secure communication channels.

Reporting and Remediation: Documentation and reporting of findings, Prioritizing and mitigating vulnerabilities, Engaging stakeholders and communicating recommendations, Post-testing activities and continuous improvement.

UNIT 5

Mobile application security, Cloud security and testing, IoT (Internet of Things) security, Red teaming and adversary simulation, Review of real-world penetration testing cases, Practical hands-on exercises, Capture the Flag (CTF) competitions, Final project and presentations.

Course Objective

This course introduces students to the fundamentals of penetration testing and vulnerability analysis. Students will learn about the methods, tools, and techniques used to identify and exploit security vulnerabilities in computer systems, networks, and applications. The course will emphasize hands-on practical exercises and real-world scenarios to enhance understanding and develop skills in the field.

Course Outcome

Students will be able to understand the concepts of penetration testing and vulnerability analysis. They will gain knowledge about different types of penetration testing, techniques for identifying and exploiting security vulnerabilities, and methods for securing computer systems, networks, and applications.

Practicals

  • Learn how to use tools like Nmap, Nessus, or OpenVAS to perform network scans and identify open ports, services, and potential vulnerabilities.

  • Practice scanning a target network and analysing the results to identify potential attack vectors.

  • Set up a vulnerable web application (e.g., OWASP Juice Shop or Damn Vulnerable Web Application) and practice identifying and exploiting security flaws.

  • Understand wireless network security concepts such as WEP, WPA, and WPA2 encryption.

  • Practice writing comprehensive penetration testing reports that highlight identified vulnerabilities, their impact, and recommended remediation steps.

Reference Books

  • Dafydd Stuttard and Marcus Pinto, "The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws", Wiley, 2011 (2nd edition).

  • David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni, "Metasploit: The Penetration Tester's Guide".

  • Patrick Engebretson, "The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy".

  • Michal Zalewski, "The Tangled Web: A Guide to Securing Modern Web Applications".

  • Mark Dowd, John McDonald, and Justin Schuh, "The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities".