Effective Term: | 2025/05 |
Institute / School : | Institute of Innovation, Science & Sustainability |
Unit Title: | Vulnerability Assessment and Penetration Testing |
Unit ID: | ITECH2507 |
Credit Points: | 15.00 |
Prerequisite(s): | (ITECH1502) |
Co-requisite(s): | Nil |
Exclusion(s): | Nil |
ASCED: | 020113 |
Other Change: | |
Brief description of the Unit |
This unit delves into Vulnerability Assessments (VAs) and Penetration Testing (Pen Testing), equipping students with advanced skills and deep knowledge to proactively identify and address security vulnerabilities in computer systems and networks. Analyze vulnerabilities, evaluate penetration testing methodologies, and design & execute ethical penetration tests. Explore advanced topics like cloud security and social engineering, then craft effective countermeasures and mitigation strategies. The unit concludes with penetration testing frameworks and report creation, culminating in a project where you apply your skills in a simulated environment. |
Grade Scheme: | Graded (HD, D, C, P, MF, F, XF) |
Work Experience Indicator: |
No work experience |
Placement Component: No |
Supplementary Assessment: |
Where supplementary assessment is available, a student must have failed overall in the Unit but gained a final mark of 45 per cent or above, have completed all major assessment tasks (including all sub-components where a task has multiple parts) as specified in the Unit Description, and not be eligible for any other form of supplementary assessment.
Course Level: |
Level of Unit in Course | AQF Level(s) of Course |
| 5 | 6 | 7 | 8 | 9 | 10 |
Introductory | | | | | | |
Intermediate | | |  | | | |
Advanced | | | | | | |
|
Learning Outcomes: |
Knowledge: |
K1. | Analyze the root causes of various system and network vulnerabilities, evaluating their potential impact on an organization's security posture. |
|
K2. | Critically assess the strengths and limitations of different penetration testing methodologies, selecting the most appropriate approach based on specific security requirements. |
|
K3. | Evaluate the effectiveness of discovered vulnerabilities in a penetration test, considering exploitability, potential consequences, and applicable legal and ethical considerations. |
|
Skills: |
S1. | Compare and contrast leading vulnerability assessment tools, critically evaluating their suitability for different network configurations and security needs. |
|
S2. | Design and execute a comprehensive penetration test on a controlled environment, demonstrating ethical hacking practices and adherence to industry best practices. |
|
Application of knowledge and skills: |
A1. | Develop a comprehensive penetration testing report that clearly documents discovered vulnerabilities, their severity, potential impact, and recommended remediation strategies. |
|
Unit Content: |
Topics may include:
1. Introduction to VAs & Pen Testing, Ethical Hacking Principles, Regulatory Compliance
2. Vulnerability assessment and penetration testing Life Cycle
3. Vulnerability Scanner Types & Methodologies
4. Prioritizing Vulnerabilities based on Severity & Exploitability
5. Reconnaissance Techniques like Information Gathering, and Footprinting
6. Enumeration Techniques like Identifying Services, Systems, Users
7. Gaining Initial Access (Exploiting Vulnerabilities, Social Engineering)
8. Privilege Escalation Techniques
9. Security Testing Techniques and Methodologies including web applications and wireless networks
10. Penetration Testing Frameworks & Reporting Standards |
Graduate Attributes: |
Federation University recognises that students require key transferable employability skills to prepare them for their future workplace and society. FEDTASKS (Transferable Attributes Skills and Knowledge) provide a targeted focus on five key transferable Attributes, Skills, and Knowledge that are embedded within curriculum, developed gradually towards successful measures and interlinked with cross-discipline and Co-operative Learning opportunities. One or more FEDTASK, transferable Attributes, Skills or Knowledge must be evident in the specified learning outcomes and assessment for each FedUni Unit, and all must be directly assessed in each Course.
|
FED TASK and descriptor | Development and acquisition of FEDTASKS in the Unit | Learning outcomes (KSA) | Assessment task (AT#) |
FEDTASK 1 Interpersonal | Students will demonstrate the ability to effectively communicate, interact and work with others both individually and in groups. Students will be required to display skills in-person and/or online in: • Using effective verbal and non-verbal communication • Listening for meaning and influencing via active listening • Showing empathy for others • Negotiating and demonstrating conflict resolution skills • Working respectfully in cross-cultural and diverse teams. | A1 | AT4 |
FEDTASK 2 Leadership | Students will demonstrate the ability to apply professional skills and behaviours in leading others. Students will be required to display skills in: • Creating a collegial environment • Showing self-awareness and the ability to self-reflect • Inspiring and convincing others • Making informed decisions • Displaying initiative | A1 | AT4 |
FEDTASK 3 Critical Thinking and Creativity | Students will demonstrate an ability to work in complexity and ambiguity using the imagination to create new ideas. Students will be required to display skills in: • Reflecting critically • Evaluating ideas, concepts and information • Considering alternative perspectives to refine ideas • Challenging conventional thinking to clarify concepts • Forming creative solutions in problem solving. | K1-K3, S1-S2, A1 | AT1-AT4 |
FEDTASK 4 Digital Literacy | Students will demonstrate the ability to work fluently across a range of tools, platforms and applications to achieve a range of tasks. Students will be required to display skills in: • Finding, evaluating, managing, curating, organising and sharing digital information • Collating, managing, accessing and using digital data securely • Receiving and responding to messages in a range of digital media • Contributing actively to digital teams and working groups • Participating in and benefiting from digital learning opportunities. | K1-K3, S1-S2, A1 | AT1-AT4 |
FEDTASK 5 Sustainable and Ethical Mindset | Students will demonstrate the ability to consider and assess the consequences and impact of ideas and actions in enacting ethical and sustainable decisions. Students will be required to display skills in: • Making informed judgments that consider the impact of devising solutions in global economic environmental and societal contexts • Committing to social responsibility as a professional and a citizen • Evaluating ethical, socially responsible and/or sustainable challenges and generating and articulating responses • Embracing lifelong, life-wide and life-deep learning to be open to diverse others • Implementing required actions to foster sustainability in their professional and personal life. | K3, S2, A1 | AT2 |
|
| Learning Outcomes Assessed | Assessment Tasks | Assessment Type | Weighting |
1. | K1-K3 | Weekly Quizzes: Short quizzes at the end of each week will assess students' understanding of key concepts covered in lectures. | Quizzes | 10%-30% |
2. | S1-S2 | Lab Reports: Following each hands-on lab session, students will submit a lab report documenting their work. Reports should detail the tools used, the procedures followed, the results obtained, and any challenges encountered. | Lab Reports | 20%-40% |
3. | K1-K3, S1-S2 | Midterm Exam: A comprehensive midterm exam will assess students' understanding of the material covered in the first half of the unit. This exam may include a mix of multiple-choice, short-answer, and scenario-based questions. | Midterm Exam | 10%-30% |
4. | A1 | Final Project: The culminating assessment is a final project where students will choose one of the two options: Project Option 1 (Vulnerability Assessment) Project Option 2 (Penetration Testing) | Final Project | 20%-40% |
|
Professional Standards / Competencies: |
| Standard / Competency |
1. | Skills Framework for the Information Age (SFIA): Version 8 |
|
Attribute | Assessed | Level |
Strategy and architecture | | |
Security and privacy | | |
VURE Vulnerability research (Levels 3 - 6) Conducting applied research to discover, evaluate and mitigate new or unknown security vulnerabilities and weaknesses. | Yes | 3 |
Delivery and operation | | |
Security services | | |
VUAS Vulnerability assessment (Levels 2 - 5) Identifying and classifying security vulnerabilities in networks, systems and applications and mitigating or eliminating their impact. | Yes | 5 |
PENT Penetration testing (Levels 3 - 6) Testing the effectiveness of security controls by emulating the tools and techniques of likely attackers. | Yes | 5 |
2. | Australian Computer Society - Core Body of Knowledge: 2023 accreditation |
|
Attribute | Assessed | Level |
Core ICT Knowledge | | |
ICT Fundamentals | | |
Computational thinking: situation analysis and modelling using a range of methods and patterns to frame it so a computer system could operate effectively within it | Yes | Intermediate |
Design thinking: methods and tools that are used for handling abstraction could vary a great deal with the branch of ICT, from circuit diagrams to data modelling tools to business process modelling | Yes | Intermediate |
Application Systems | | |
Application context where specifically linked to ICT: Domain attributes (e-health, e-business, transport and logistics, agriculture, e-government, etc), language and cultural factors, users work practices and organisational contexts | Yes | Intermediate |
Cyber Security | | |
Nature of Cyber Security: forms of attack, prevention, detection, mitigation and repair | Yes | Intermediate |
Information assets to be secured (hardware, networks, software, data) and the different means of securing them, cryptography | Yes | Intermediate |
|
|