Penetration Testing and Vulnerability Assesment
Computer Engineering (Ph.D.)
Institute of Natural and Applied Sciences
Third Cycle (Doctorate Degree)
| Course Unit Title | Course Unit Code | Type of Course Unit | Level of Course Unit | Year of Study | Semester | ECTS Credits |
|---|---|---|---|---|---|---|
| Penetration Testing and Vulnerability Assesment | BLM612 | Elective | Doctorate degree | 1 | Spring | 8 |
Name of Lecturer(s)
Prof. Dr. Yaşar BECERİKLİ
Prof. Dr. Nevcihan DURU
Learning Outcomes of the Course Unit
1) Discusses whether white hat (ethical) hackers can and can do legally.
2) Determines and plans the extent of penetration testing.
3) Scans the target network using up-to-date scanning techniques.
4) Detects vulnerabilities in target systems using vulnerability analysis tools.
5) Detects vulnerabilities in Microsoft and Linux Operating System.
6) Exploit vulnerabilities identified using vulnerability exploitation tools and exploitation codes.
7) Attack passwords after the exploitation phase.
8) Reports the findings obtained in the penetrations test.
9) Detect and bypass security controls, such as firewalls and intrusion prevention systems.
10) Sets a virtual penetration testing lab.
Program Competencies-Learning Outcomes Relation
| Program Competencies | |||||||||||||
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | ||
| Learning Outcomes | |||||||||||||
| 1 | Low | Middle | Low | No relation | Middle | Middle | Middle | Low | Low | No relation | Low | Low | |
| 2 | Low | Low | Middle | Middle | Middle | Middle | Middle | Middle | Middle | Middle | Middle | Low | |
| 3 | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | |
| 4 | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | |
| 5 | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | |
| 6 | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | |
| 7 | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | |
| 8 | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | |
| 9 | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | |
| 10 | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | |
Mode of Delivery
Face to Face
Prerequisites and Co-Requisites
None
Recommended Optional Programme Components
Not Required
Course Contents
Introduction to penetration testing. Penetration testing planning: determining scope and rules of engagement documentation. Penetration testing tools: setting up virtual up and toolset. Reconnaissance phase: open source intelligence, information gathering, correlation, verification, and prioritization. Scanning phase: enumeration, port scanning, and vulnerability analysis. Exploitation phase: manual exploitation, password cracking and Metasploit framework. Post-exploitation phase: Data gathering, network analysis, maintaining access, pivoting. Reporting phase: penetration test report structure and components. Bypassing security controls and avoiding detection.
Recommended or Required Reading
Planned Learning Activities and Teaching Methods
Assessment Methods and Criteria
Language of Instruction
Turkish
Work Placement(s)
Not Required