VULNERABILITY ASSESSMENT AND PENETRATION TESTING
Academic Year 2024/2025 - Teacher: SERGIO ESPOSITOExpected Learning Outcomes
- Knowledge and understanding. Students will get to grips with the vulnerability assessment and penetration testing activity.
- Applying knowledge and understanding. Students will complete their fundamental security knowledge with the practical applications of the tools for vulnerability assessment and penetration testing.
- Making judgements. Students will become experts in evaluating the robustness of a given target system by means of the application of relevant tools and of the exploitation of known vulnerabilities.
- Communication skills. Students will familiarise with the concepts of vulnerability assessment and penetration testing, also building up their skills to communicate the outcomes of such activity both orally and in writing.
- Learning skills. Students will get the critical attitude and competences to define and execute sessions of vulnerability assessment and penetration testing.
Course Structure
Slides projected during the lessons are available on the Teams channel dedicated to the course. Teams Code: r1lzo7s
Required Prerequisites
The course "Programmazione II e Laboratorio" is a mandatory prerequisite for this course.
Moreover, for an adequate understanding of the course, the following prerequisites are recommended:
- Basics of computer networks;
- Fundamentals of databases;
- Basics of computer architectures;
- Basic knowledge of the main web programming languages, both front-end and back-end.
Attendance of Lessons
Detailed Course Content
The Vulnerability Assessment and Penetration Testing (VAPT) course provides an in-depth understanding of the techniques and methodologies required to identify and exploit vulnerabilities in computer systems, with a particular focus on legal and practical aspects.
The course begins with an introduction to VAPT, explaining the differences between Vulnerability Assessment (VA), which focuses primarily on identifying vulnerabilities using automated tools, and Penetration Testing (PT), which is more centered on the exploitation, chaining, and manual discovery of these vulnerabilities to assess a system's security. Legal requirements related to such security activities and bug bounty programs, which offer rewards for identifying and reporting vulnerabilities, are also covered.
Next, the main methodologies for conducting VAPT activities are introduced, as well as best practices for performing effective security tests. The course then describes the different phases of VAPT, from defining the initial requirements to post-exploitation activities and subsequent reporting by the tester.
In more detail, the course covers techniques such as Information Gathering and OSINT (Open Source Intelligence), which are essential for collecting information on potential targets before executing an attack. In parallel, the concept of Threat Modeling is introduced, which involves analyzing the potential threats and vulnerabilities of a system, even theoretical ones, based on the adversaries' knowledge and capabilities.
A practical aspect of the course focuses on the ability to modify existing exploits to adapt them to specific contexts, making attacks more effective. The course also includes a module on Social Engineering, explaining how human behavior can be exploited to obtain information or access to systems.
During the Post-Exploitation phase, the course explores advanced techniques such as lateral movement, where the attacker navigates within a compromised network, privilege escalation to gain access to administrative functions, log deletion to avoid detection, data exfiltration, password cracking, and evasion of Antivirus (AV), Firewall, and Endpoint Detection and Response (EDR) systems, among others.
Finally, the course concludes with the critical phase of reporting, where students learn to document the results of their VAPT activities clearly and accurately, providing the VAPT client with a comprehensive assessment of the discovered vulnerabilities and potential solutions. The course also explores the use of offensive security-oriented operating systems, such as Kali Linux, which, although not essential, provide specific tools for these activities.
Textbook Information
David Basin, Patrick Schaller, Michael Schläpfer "Applied Information Security", 2011, Springer
Peter Kim “The Hacker Playbook 3, Practical Guide to Penetration Testing”, 2018, Secure Planet LLC
Course Planning
Subjects | Text References | |
---|---|---|
1 | Introduction to VAPT | Educational material given by the lecturer, online resources and aforementioned textbooks |
2 | VAPT phases | Educational material given by the lecturer, online resources and aforementioned textbooks |
3 | Offensive security activities | Educational material given by the lecturer, online resources and aforementioned textbooks |
4 | VAPT methodologies | Educational material given by the lecturer, online resources and aforementioned textbooks |
5 | Offensive Security oriented Operating Systems | Educational material given by the lecturer, online resources and aforementioned textbooks |
6 | Information Gathering and OSINT | Educational material given by the lecturer, online resources and aforementioned textbooks |
7 | Threat Modeling | Educational material given by the lecturer, online resources and aforementioned textbooks |
8 | Vulnerability Assessment | Educational material given by the lecturer, online resources and aforementioned textbooks |
9 | Common vulnerabilities and their exploitation | Educational material given by the lecturer, online resources and aforementioned textbooks |
10 | Tailoring of existing exploits | Educational material given by the lecturer, online resources and aforementioned textbooks |
11 | Social Engineering | Educational material given by the lecturer, online resources and aforementioned textbooks |
12 | Post-exploitation actions | Educational material given by the lecturer, online resources and aforementioned textbooks |
13 | Reporting | Educational material given by the lecturer, online resources and aforementioned textbooks |
Learning Assessment
Learning Assessment Procedures
- Implementation project.
- Oral examination.
Examinations may take place remotely, if required by the circumstances.
Students with disabilities and/or learning disorders (DSA) must contact the lecturer and the CInAP representative at DMI well in advance of the exam date to inform them of their intention to take the exam with the appropriate compensatory measures.
For the assignment of grades for individual assessments, the following criteria are typically followed:
- Fail: The student has not acquired the basic concepts and is unable to answer questions or complete the exercises.
- 18-23: The student demonstrates a minimal mastery of the fundamental concepts; their ability to present and connect content is modest, and they can solve simple exercises.
- 24-27: The student shows a good grasp of the course content; their ability to present and connect the content is good, and they solve exercises with few errors.
- 28-30 with honors: The student has acquired all course content and can present them comprehensively with a critical perspective; they solve exercises completely and without errors.
Examples of frequently asked questions and / or exercises
- Implementation project: simulate a VAPT activity on a testing environment and write a formal report on said activity.
- Oral examination: explain why escaping all special characters from a user input might not protect a service from SQL Injection.