Hochschule Darmstadt - Fb Informatik

Drucken| Layout| Design| Schriftgröße English|
Modulbeschreibung
Course:Penetration Testing
Attached to module:
Penetration Testing deutsch 30.2608
Module numbers:30.2606 [PVL 30.2607; Module 30.26060]
Language:english
Study programme:Bachelor 2014 - Katalog I: Anwendungs- und systemorientierte Module
Bachelor dual KITS 2014 - Katalog ITS: IT-Sicherheit
Bachelor dual KoSI 2014 - Katalog I: Anwendungs- und systemorientierte Module
Bachelor KMI 2014 - Katalog I: Anwendungs- und systemorientierte Module
Type of course:V+P = Lecture+Practical
Weekly hours:2+2
Credit Points:5
Exam:written exam
Registering for examexplicitly and independent of booking
PVL (e.g. Practical):graded (graded report)
PVL percentage:50%
Frequency of offering:each year (lastly in WS 2018/2019)
Required knowledge:Operating systems, Networking, Developing of web applications, Distributed systems
Learning objectives:The students
  • are familiar with tools and techniques for identifying and exploiting vulnerabilities,
  • can perform reproducible, technical security analyses of IT infrastructures,
  • can perform a risk-weighted assessment of vulnerabilities,
  • can write the results of a technical security analysis in a structured report.
Content:
  • Differences between hacking and penetration testing
  • Classification of penetration tests (White-, Gray- und Blackboxtest)
  • Penetration Testing Standards, e.g. OWASP (Open Web Application Security Project), OSSTMM (Open Source Security Testing Methodology Manual)
  • Anatomy of an attack - from information gathering to exploitation of a vulnerability
  • Risk assessment of identified vulnerabilities
  • Structure of documentation and reporting
Literature:P. Engebretson; The Basics of Hacking and Penetration Testing; Syngress; 2013
P. Engebretson; Hacking Handbuch: Penetrationstests planen und durchführen; Franzis Verlag; 2015
M. Ruef; Die Kunst des Penetration Testing - Handbuch für professionelle Hacker; C & L; 2007
BSI https://ww​w.bsi.bund​.de/DE/Pub​likationen​/Studien/P​entest/ind​ex_htm.htm​
OWASP Testing Guide https://ww​w.owasp.or​g/index.ph​p/OWASP_Te​sting_Proj​ect​
OSSTMM http://www​.isecom.or​g/research​
Metasploit Unleashed https://ww​w.offensiv​e-security​.com/metas​ploit-unle​ashed/​
Lecture style / Teaching aids:Seminar lecture, script
Responsibility:Harald Baier
Released:WS 2019/2020

[Fachbereich Informatik] [Hochschule Darmstadt]
© 2008 - 2019 FBI OBS Team. Alle Rechte vorbehalten.