PENETRATION TESTING: Securing Systems by Simulating Real Attacks
ABOUT THE COURSE
The Penetration Testing course is a specialized cyber security program designed to teach students how to identify, test, and report security vulnerabilities in computer systems, networks, and applications using authorized and ethical methods.
The course focuses on real-world attack simulation, enabling learners to understand how attackers think and how organizations can strengthen their defenses. Emphasis is placed on methodology, risk assessment, and professional reporting, ensuring learners gain both technical knowledge and ethical responsibility.
Course Objectives
- Understand penetration testing concepts and methodologies
- Identify vulnerabilities in systems and applications
- Perform authorized security testing
- Analyze risks and recommend remediation
- Follow legal and ethical standards
Course Coverage
- Penetration testing fundamentals
- Networking and operating system basics
- Information gathering and vulnerability assessment
- Web and network security testing
- Cloud and modern infrastructure security
- Penetration testing tools overview
- Reporting and documentation
Definition of penetration testing
Importance of penetration testing
Ethical hacking vs penetration testing
Types of penetration testing
Network
Web application
Wireless
Cloud
Legal permission & scope
Penetration testing standards (PTES, OWASP, NIST)
OSI & TCP/IP models
IP addressing & subnetting basics
TCP vs UDP
Common ports & protocols
Network devices (Router, Switch, Firewall)
VPN fundamentals
Windows
Windows architecture
Users, groups & permissions
Windows security mechanisms
Linux
Linux file system
Users & groups
File permissions
Basic Linux commands
Pre-engagement & planning
Reconnaissance techniques
Scanning & enumeration
Vulnerability analysis
Exploitation (conceptual)
Post-exploitation overview
Cleanup & reporting
Passive vs active reconnaissance
Footprinting concepts
DNS & domain information
IP and network mapping
Open Source Intelligence (OSINT)
Network scanning concepts
Port & service scanning
Version detection
OS fingerprinting
Enumeration of users & services
Vulnerability concepts
CVE, CVSS & NVD
Common system misconfigurations
Patch management basics
Automated vs manual testing
Web application architecture
HTTP/HTTPS concepts
Cookies & sessions
Authentication & authorization
OWASP Top 10 vulnerabilities
SQL Injection
Cross-Site Scripting (XSS)
CSRF
Broken authentication
Security misconfiguration
Network attack concepts
Sniffing & spoofing (theory)
Man-in-the-Middle (MITM)
Wireless security protocols
Secure wireless configurations
Password storage mechanisms
Hashing & salting
Password attack concepts
Multi-factor authentication
Secure password policies
Exploits vs vulnerabilities
Privilege escalation overview
Maintaining access (conceptual)
Lateral movement (overview)
Risk mitigation strategies
Nmap
Metasploit Framework
Burp Suite
Wireshark
Nessus / OpenVAS
Cloud computing basics
Shared responsibility model
Common cloud misconfigurations
Container & Docker security basics
Overview of DevSecOps
Importance of penetration testing reports
Executive summary
Risk severity & impact analysis
Technical findings
Remediation recommendations