INT245 - Syllabus of Penetration Testing

Computer Science (Anna University)


INT245: PENETRATION TESTING

L:2 T:0 P:2 Credits:3

Course Outcomes: Through this course students should be able to

CO1 :: recite how to analyze the outcome from the tools and technologies used by security analysts

CO2 :: examine intensive assessments required to effectively identify and mitigate risks to the information security of the infrastructure

CO3 :: summarize weaknesses in information systems and recommend mitigation measures to increase the resistance of the information technology (IT) infrastructure to unauthorized access

CO4 :: analyze the outcomes of vulnerability assessments in the form of penetration testing reports

CO5 :: recommend various regulatory compliances related to penetration testing responsibilities

CO6 :: compile testing deliverables out of penetration testing reports and suggest post corrective actions

Unit I

Introduction to Penetration Testing Methodologies: Penetration Testing, Common Penetration Testing Techniques, Penetration Testing Process, Announced Testing/Unannounced Testing, Types of Penetration Testing, Strategies of Penetration Testing, Operational Strategies for Security Testing, Identifying Benefits of Each Test Type, Prioritizing the Systems for Testing, Phases of Penetration Testing

Introduction to Customers and Legal Agreements: Why Organizations Need Penetration Testing, Initial Stages in Penetration Testing, Understand Customer Requirements, Penetration Testing “Rules of Behavior”, Approaches, Techniques of Attack, Penetration Testing Risks, Penetration Testing by Third Parties, Legal Consequences, Confidentiality and NDA Agreements

Unit II

Introduction to Duties of a Licensed Penetration Tester: Duties of a Licensed Penetration Tester, LPT-Audited Logos, Standards and Compliance, Laws, Rules of Engagement (ROE)

Introduction to Penetration Testing Planning and Scheduling: Purpose of a Test Plan, Building a Penetration Test Plan, Setting Up a Test Goal, IEEE Standards, Test-Plan Identifier, Test Deliverables, Penetration Test Planning Phases, Defining the Scope, Staffing, Developing the Project Plan, Meeting with the Client

Unit III

Introduction to Pre-Penetration Testing: Checklist, Pre-penetration Testing Steps, Types of Penetration Testing, Firewall Penetration Testing, Social Engineering Penetration Testing, Password Cracking Penetration Testing

Introduction to Information Gathering and Social Engineering: Penetration Testing, Information-Gathering Steps, Social Engineering, Requirements of Social Engineering, Steps Preceding a Social Engineering Attempt, Dress Professionally, and Steps in Conducting a Social Engineering Penetration Test

Unit IV

Introduction to Vulnerability Analysis: Vulnerability Assessment Steps, Vulnerability Classification, Types of Vulnerability Assessment, Vulnerability Assessment Phases, Pre-assessment Phase, Assessment Phase, Post-assessment Phase, Comparing Approaches to Vulnerability Assessments, Characteristics of a Good Vulnerability Assessment Solution, Vulnerability Assessment Considerations, Vulnerability Assessment Reports, Timeline, Types of Reports, Tools, Types of Vulnerability Assessment Tools, Choosing a Vulnerability Assessment Tool, Vulnerability Assessment Tools Best Practices, Vulnerability Assessment Tools

Unit V

Introduction to External Penetration Testing: Internal Testing, Steps for Conducting External Penetration Testing, Recommendations for Internal Network Penetration Testing

Introduction to Internal Network Penetration Testing: External Intrusion Test and Analysis, External Penetration Testing, Steps for Internal Network Penetration Testing

Unit VI

Introduction to Penetration Testing Deliverable: Penetration Testing Report, Summary of Test Execution, Scope of the Project, Results Analysis, Recommendations, Appendices, Client-Side Test Reports, Client-Side Penetration Report, User Report, Test Reports on Web Applications, Sign-Off Document

Introduction to Post-Testing Actions: Prioritize Recommendations, Develop an Action Plan, Create a Process for Minimizing Instances of Misconfigurations, Apply Updates and Patches, Capture Lessons Learned and Best Practices, Create Security Policies, Conduct Training, Conduct a Social Engineering Class, Destroy the Penetration Testing Report

List of Practicals / Experiments:

Introduction to Nmap: Basic commands of Nmap, system scanning using Nmap, interpretation of gathered information using Nmap

Vulnerability Scanning: System vulnerability scanning, identification of vulnerabilities

Introduction to Metasploit: Introduction to the tool, basic commands for searching, selection, parameter configurations and deployment of exploits

System Exploitation: Exploitation of Windows XP system using known vulnerabilities

System Exploitation: Exploitation of Windows 7 system using known vulnerabilities

Spoofing: Exploiting systems using IP spoofing and MAC spoofing

Cross Site Scripting (XSS): Introduction to cross site scripting, identification of websites vulnerable to cross site scripting

XSS vulnerabilities identification: Identification of XSS vulnerabilities in the websites and the way they could be exploited

XSS Exploitation: Exploitation of XSS vulnerabilities using JavaScript

SQL Injection: Introduction to SQL injection, automated SQL injection using sqlmap

Manual SQL Injection: Demonstration of manual SQL injection attacks

References:
1. CompTIA PENTEST+ STUDY GUIDE by MIKE CHAPPLE, SYBEX

2. THE PENETRATION TESTING PROCEDURES AND METHODOLOGIES by EC-COUNCIL, CENGAGE LEARNING

Session 2021-22
