ELECTIVE COURSE: not offered every semester
Learning objectives:
Knowledge:
Definition and classification of hacking and penetration testing
Relevant standards for risk assessment
Best practices for documentation and reporting
Tools and techniques for identifying and exploiting vulnerabilities
Skills:
Identification of vulnerabilities in IT systems and their exploitation
Risk assessment of vulnerabilities
Documentation of the results
Competencies:
Performing a reproducible, technical security analysis of IT infrastructures
Generation of a structured report on the results of a technical security analysis of IT infrastructures
Teaching content:
Differences between hacking and penetration testing
Classification of penetration tests (white-box, gray-box and black-box tests)
Penetration testing standards, e.g. OWASP (Open Web Application Security Project), OSSTMM (Open Source Security Testing Methodology Manual)
Anatomy of an attack - from gathering information to exploiting a vulnerability
Risk assessment of identified vulnerabilities
Structure of documentation and reporting