CYB 401: Systems Vulnerability Assessment and Testing

Learning Outcomes
At the end of this course, students should be able to:
1. define systems vulnerability, assessment methods and the testing methods using
techniques to effectively identify and mitigate risks to the security of a company’s
infrastructure;
2. describe penetration testing methodologies, practice test planning and scheduling;
3. assess information gathering, password cracking penetration testing and security analysis;
4. examine the social engineering penetration testing and security analysis, internal and
external penetration testing and security analysis, router penetration testing and security
analysis, and effectively report and document results;
5. evaluate operating systems fingerprinting and remote network mapping, software and
operational vulnerabilities, how to overcome these vulnerabilities; and
6. execute attack surface analysis, fuzz testing, patch management, and security auditing.

Course Contents
Definition of systems vulnerability. Methods and the testing methods using different
techniques. Mitigation of risks and how to enhance the security of a company’s infrastructure.
Penetration testing methodologies, test planning and scheduling. Information gathering.
Password cracking. Penetration testing and security analysis. Social engineering, Internal and
external penetration testing. Router penetration testing, security analysis, reporting and
documentation. Operating systems fingerprinting. Remote network mapping. Software and
operational vulnerabilities. Attack surface analysis. Fuzz testing. Patch management. Security
auditing.

Lab work:
Practical exercise on systems vulnerability, assessment methods and the testing
methods using techniques to effectively identify and mitigate risks to the security of a
company’s infrastructure. Perform penetration testing using various methodologies, along with
the test planning and scheduling. Work on password cracking and social engineering
penetration testing and security analysis. Identify software and operational vulnerabilities in
a given environment and how to overcome these vulnerabilities. Execute attack surface
analysis, fuzz testing, patch management, and perform security auditing.