CIS 4200 - Security Penetration Testing

College of Computer & Information Technology

Credit(s): 3
Contact Hours: 47
Effective Term Spring 2022 (600)

Requisites

Prerequisite CIS 2352 with a minimum grade of C and
(Admission to Technology Development and Management (Bachelor of Applied Science) (TMGT-BAS)
Subplan- CSDR or
Admission to Cybersecurity (Bachelor of Applied Science) (CYSEC-BAS))

Course Description

This course covers penetration testing and vulnerability assessment. Topics include compliance-based assessment planning and scoping, information gathering & vulnerability identification, attacks & exploits, penetration testing tools, and reporting and communication. This course contains foundational coverage in preparing for CompTIA's PenTest+. Students will need remediation to ensure success on the exam.

Learning Outcomes and Objectives

  1. Students will plan and score an assessment by:
    1. Explaining the importance of planning for an engagement
    2. Explaining key legal concepts
    3. Explaining the importance of scoping an engagement properly
  2. Students will perform vulnerability scanning and penetration testing using appropriate tools and techniques by:
    1. Conducting information gathering using appropriate techniques
    2. Performing a vulnerability scan
    3. Analyzing vulnerability scan results
    4. Explaining the process of leveraging information to prepare for exploitation
    5. Explaining weaknesses related to specialized systems
  3. Students will analyze attacks by:
    1. Comparing and contrasting social engineering attacks
    2. Exploiting network-based vulnerabilities
    3. Exploiting wireless and RF-based vulnerabilities
    4. Exploiting application-based vulnerabilities
    5. Exploiting local host vulnerabilities
  4. Students will master penetration testing tools by:
    1. Using nmap to conduct information gathering exercises
    2. Comparing and contrasting various use cases of tools
    3. Analyzing tool output or data related to a penetration test
    4. Analyzing a basic script
  5. Students will produce a written report of proposed remediation techniques by:
    1. Using report writing and handling best practices
    2. Explaining post-report delivery activities
    3. Recommending mitigation strategies for discovered vulnerabilities
    4. Explaining the importance of communication during the penetration testing process

Criteria Performance Standard

Upon successful completion of the course the student will, with a minimum of 70% accuracy, demonstrate mastery of each of the stated objectives through classroom measures developed by individual course instructors.

History of Changes

C&I Approval: 09/05/2019, BOT Approval: 09/24/2019, Effective Term: Spring 2020 (570). C&I Approval: , BOT Approval: , Effective Term: Summer 2021 (590).
C&I Approval: , BOT Approval: , Effective Term: Spring 2022 (600)

Related Programs

  1. Cybersecurity (CYSEC-BAS) (610) (Active)