VULNERABILITY ASSESSMENT AND PENETRATION TESTING (VAPT)

Academic Year 2021/2022 - 2° Year - Curriculum Sistemi di Rete e Sicurezza
Teaching Staff: Giampaolo BELLA
Credit Value: 6
Scientific field: INF/01 - Informatics
Taught classes: 24 hours
Exercise: 24 hours
Term / Semester:

Learning Objectives

  1. Knowledge and understanding. Students will get to grips with the vulnerability assessment and penetration testing activity.
  2. Applying knowledge and understanding. Students will complete their fundamental security knowledge with the practical applications of the tools for vulnerability assessment and penetration testing.
  3. Making judgements. Students will become experts in evaluating the robustness of a given target system by means of the application of relevant tools and of the exploitation of known vulnerabilities.
  4. Communication skills. Students will familiarise themselves with the concepts of vulnerability assessment and penetration testing, also building up their skills to communicate the outcomes of such activity both orally and in writing.
  5. Learning skills. Students will acquire the critical attitude and competences needed to define and execute sessions of vulnerability assessment and penetration testing.

Course Structure

Teaching consists of traditional upfront classes, enriched with a variety of practical applications demonstrated during class. The final exam requires passing an individual, practical project and an oral interview.

Should teaching be carried out in mixed mode or remotely, it may be necessary to introduce changes with respect to the previous statements, in line with the programme planned and outlined in the syllabus. Learning assessment may also be carried out online, should the conditions require it.

Detailed Course Content

  • Prerequisites and real-world outlook. Legal foundations of VAPT. Differences between VA and PT. Testing in the wild vs. contract activity vs. Bug Bounty Program. VAPT contract specimen, Bug Bounty specimen policy.

  • VAPT phases: Information Gathering, Threat Modeling, Vulnerability Analysis, Exploitation, Post-Exploitation, Reporting.

  • VAPT types: Traditional PT, Red Team vs. Blue Team (cyber exercise). Blue Team aware vs. Blue Team not aware.

  • VAPT methodologies. PTES. OWASP. OSSTMM. ISSAF. NIST SP 800-115.

  • Kali Linux. VAPT environment.

  • Information Gathering. OSINT: data centres, offices, partners, individuals, emails, domain names, on-location gathering.

  • Threat Modeling. Security boundaries.

  • Vulnerability assessment. Useful tools, active testing (OpenVAS, Nessus), passive testing (Wireshark, tcpdump). Licence types.

  • Exploitation. Bypassing AV/firewall. Assisted: Metasploit, fuzzing tools. Manual: reverse shell, buffer overflow, SQLi, XSS, CSRF, SSRF, RCE, path traversal, code/template injection. Tailoring of existing exploits. Social engineering. Privilege escalation. Audio/video capture, data exfiltration. Evasion techniques.

  • Post-exploitation. Lateral movement. Uninstalling software. Remote system access. Deleting logs. Obtaining/extracting and cracking password hashes.

  • Reporting. Layout for technical report and executive report. Scoring the exploited vulnerabilities. Risk assessment and risk mitigation.

  • Capture The Flag


Textbook Information

  1. David Basin, Patrick Schaller, Michael Schläpfer, "Applied Information Security", 2011, Springer

  2. Peter Kim, "The Hacker Playbook 3: Practical Guide to Penetration Testing", 2018, Secure Planet LLC