PENETRATION TESTING AND ETHICAL HACKING

Arcangelo CASTIGLIONE

0522500081
COMPUTER SCIENCE
EQF7
COMPUTER SCIENCE
2024/2025



COMPULSORY
YEAR OF COURSE 2
YEAR OF DIDACTIC SYSTEM 2016
SPRING SEMESTER
CFU    HOURS    ACTIVITY
7      56       LESSONS
2      16       LAB

Objectives
The course introduces the fundamental concepts of penetration testing and ethical hacking and delves into the methodologies, techniques, and main tools necessary to manage a typical penetration testing process. The course aims to provide students with the required skills to be network security professionals and, in particular, penetration testing experts. The teaching aims to provide a robust, practical, and useful understanding of how hackers work and how their methods and tools can be used to protect computer systems from attacks. The students will get the technical and methodological background that will allow them to assess the state and requirements in terms of security of complex systems, in light of specific compliance and certification requirements, by understanding the existing vulnerabilities. Finally, the students will learn what is necessary to make complex systems safe, preventing the main threats and the main malfunctions that could influence the correct operation of these systems.


KNOWLEDGE AND UNDERSTANDING
• Main concepts and main peculiarities underlying hacking and ethical hacking
• Main types of security testing, the types of penetration testing and the main testing methodologies
• Main concepts necessary for planning and managing a penetration testing process, with particular emphasis on the procedures and "best practices" that the penetration tester should follow when interacting with their client
• Main operating systems used for a penetration testing process
• Main concepts, main methodologies and main tools commonly used to conduct all the phases of a typical penetration testing process
• Main concepts, main methodologies and main tools widely used to perform the penetration testing of a web-based asset
• Main concepts, the main methodologies and the main tools commonly used to conduct the penetration testing of a wireless-based asset
• Main types of documentation and reporting to be produced at the end of each phase of a typical penetration testing process

APPLYING KNOWLEDGE AND UNDERSTANDING
• Assess the weaknesses and potential vulnerabilities within ICT systems and infrastructures, through assessment techniques and critical analysis of the services being protected, identifying possible accident scenarios, to foresee any countermeasures and strategies for periodic updating and protection
• Explain and use the standard methodologies for performing network security checks and penetration tests
• Use standard tools used by network security professionals for conducting network security checks and penetration tests
• Identify, evaluate and explain the security threats present in a given asset, by using the related exploits and vulnerabilities
• Perform penetration tests that comply with international standards
• Develop the targeted documentation, to be provided to the technical (CTO) and executive (CEO) counterparts, illustrating all aspects of the security checks carried out through the penetration tests that have been performed.
BETA VERSION Data source ESSE3 [Last synchronization: 2025-01-27]