Course borrowed from: B031963 - PENETRATION TESTING, Laurea Magistrale (Master's Degree) in INFORMATICA, Curriculum RESILIENT AND SECURE CYBER PHYSICAL SYSTEMS
Teaching Language
English
Course Content
The course aims at providing a general knowledge about the penetration testing process, methodologies and tools. The course starts by reviewing the basic concepts relevant to the course, and covers the common phases of the penetration testing process. The course has a hands-on approach.
Textbooks:
- Kali Linux Penetration Testing Bible, by Gus Khawaja, Wiley, 2021
- Penetration Testing: A Hands-On Introduction to Hacking, by Georgia Weidman, No Starch Press, 2014
Additional teaching material: slides presented during the course.
The course partially uses online materials and resources.
Learning Objectives
KNOWLEDGE AND UNDERSTANDING
At the end of the course, the student should acquire knowledge and understanding of: the basic notions of penetration testing; the basic notions of virtualization and containerization; the main features of Kali Linux.
APPLYING KNOWLEDGE AND UNDERSTANDING
At the end of the course, the student should be able to: set up a containerized/virtualized system via Docker and/or VirtualBox; apply penetration testing techniques via Kali Linux tools to execute a basic penetration testing activity on a system.
MAKING JUDGEMENTS
At the end of the course, the student should be able to judge the severity of a detected vulnerability and identify the most adequate solution to exploit it.
COMMUNICATION SKILLS
At the end of the course, the student should be able to present penetration testing concepts and the results of a penetration testing activity to others in a clear and competent way. The student should also be able to document the results of a penetration testing activity by means of a professional report.
LEARNING SKILLS
At the end of the course, the student should be able to autonomously learn penetration testing techniques and tools not illustrated in the course.
Prerequisites
None
Teaching Methods
Class lectures, based on slides and demos. Classroom exercises. Classroom presentations made by students with the support of the teacher.
Other Information
The course takes place at the Centro Didattico Morgagni (Viale Morgagni 40-44, Firenze), according to the scheduled lesson timetable (https://kairos.unifi.it/agendaweb/).
Attendance at class lectures is not mandatory but is strongly recommended. The course website is available on the University platform (https://e-l.unifi.it/).
Office Hours: make an appointment by e-mail (francesco.tiezzi@unifi.it).
Assessment Methods
Learning outcomes are assessed using two different tests:
1. Written test, consisting of multiple-choice or short-answer questions that may cover all the topics presented during the course.
2. Practical test, consisting of a project whose topic must be agreed upon by the teacher and the student, which will be presented to the other students and orally discussed with the teacher.
The evaluation of each test is expressed as a mark out of thirty, with the possibility of honours (laude). A test is considered to be successfully passed if the assigned mark is at least eighteen. Provided both tests are sufficient, the final mark will be determined by the average of the two marks.
Each learning outcome is assessed in at least one of the two tests composing the exam.
The written test aims to evaluate: the student's acquisition of the knowledge and understanding of the topics covered during the lessons; the capability of reasoning on specific issues related to the penetration testing activity; the appropriate understanding and use of specialized vocabulary. The mark of the written test is determined by the number of correct answers to multiple-choice questions and the accuracy of the short answers.
The practical test aims to evaluate: the student's ability to use in practice penetration testing techniques and tools; the capability to judge the security posture of a system; the capability to autonomously learn new penetration testing techniques and tools; the student's communication skills, in terms of clarity of the presentation and ability to write a professional penetration testing report. The mark of the practical test is determined by the complexity of the project, the quality of the oral presentation, the quality of the report and the accuracy in the answers to the questions posed by the teacher during the discussion of the project.
Course Programme
- penetration testing engagement rules;
- Kali Linux: features and installation;
- virtualization with VirtualBox and containerization with Docker;
- Bash scripting;
- passive information gathering and social engineering;
- advanced enumeration;
- vulnerability assessment;
- exploitation;
- post-exploitation;
- reporting.