Ethical Hacking and Penetration Testing
2010-2011 - IMT3491 - 5sp

Anbefalt forkunnskap

IMT2282 Operating systems

Forventet læringsutbytte

The course will address the methodology of penetration testing, learning how penetration tests are
constructed and experimenting with penetration testing tools in the laboratory. The course will look at
vulnerabilities in software both at server and client side, with a high focus on network applications.

The students should after the end of the course have a good overview of how an effective penetration test
should take place and of the threats that exists towards software, networks, and network services. A
deeper analysis and a set of practical exercises will be the foundation for a deeper understanding into
some specific security vulnerabilities that exists.

Emnets temaer

Ethical Hacking and Penetration Testing – definitions
Penetration Testingx¨ Methodologies
Password attacks
Privilege escalation
Network mapping
Software vulnerabilities
Web application problems
XSS, parameters, persistence
SQLinjection
Data mining
Fuzzing

Pedagogiske metoder

Forelesninger
Gruppearbeid
Lab.øvelser
Oppgaveløsning

Vurderingsformer

Skriftlig eksamen, 2 timer
Vurdering av prosjekt(er)

Vurderingsformer

Written exam (51%), depending on the number of student the exam might be oral
Project (49%)
Both parts must be passed

Karakterskala

Bokstavkarakterer, A (best) - F (ikke bestått)

Sensorordning

Evaluation by the lecturer and external examiner

Utsatt eksamen (tidl. kontinuasjon)

Ordinary re-sit examination
New project(s) at next course dates

Tillatte hjelpemidler (gjelder kun skriftlig eksamen)

None

Obligatoriske arbeidskrav

2 approved exercises

Læremidler

Articles and book chapters. Specifics to be announced at course start.

Supplerende opplysninger

In case there will be less than 5 students that will apply for the course, it will be at the discretion of Studieprogramansvarlig whether the course will be offered or not an if yes, in which form.