Late submission of any item of coursework for each day or part thereof (or for hard copy submission only, working day or part thereof) for up to five days after the published deadline, coursework relating to modules at Levels 0, 4, 5, 6 submitted late (including deferred coursework, but with the exception of referred coursework), will have the numeric grade reduced by 10 grade points until or unless the numeric grade reaches or is 40. Where the numeric grade awarded for the assessment is less than 40, no lateness penalty will be applied.
·Late submission of referred coursework will automatically be awarded a grade of zero (0).
·Coursework (including deferred coursework) submitted later than five days (five working days in the case of hard copy submission) after the published deadline will be awarded a grade of zero (0).
·Where genuine serious adverse circumstances apply, you may apply for an extension to the hand-in date, provided the extension is requested a reasonable period in advance of the deadline.
This Assignment assesses the following module Learning Outcomes:
Successful students will typically have a knowledge and understanding of:
1.The ethical issues relating to penetration testing and how to incorporate them operationally.
2.A deep and systematic application of the tools, methods and procedures (theoretical and methodological) used within the cyber security arena in the context of a penetration test
3.How to apply advanced and current concepts/issues of computer systems risks, vulnerabilities, threats analysis, and software security in the context of a penetration test
Successful students will typically be able to:
4.Critically analyse and evaluate security techniques used to protect complex heterogeneous environments and apply their findings for offering advice regarding solutions to decision makers
5.Use initiative for autonomously conducting and managing a penetration test, within a complex and unpredictable environment, demonstrating a systematic approach of creatively applying knowledge in unfamiliar contexts for solving problems
6.Work in teams (as leader or member) adapting to changing requirements for effectively communicating the results of a penetration test
Assignment Brief:
This is an individual assessment comprised of two tasks. Task 1 and task 2 carry 50% respectively of the overall portfolio mark. Task 1 will assess your understanding of the statutory and ethical issues surrounding penetration testing and also assess your understanding of the process itself. Task 2 will assess your ability to conduct a full-scale penetration test. You are expected to demonstrate an insight into the implications of the problem introduced in each task by using clear and concise arguments. You will receive formative feedback as part of the module to demonstrate how to be concise in your written work. Please ensure, in completing these tasks you deploy the techniques you have been taught. If you produce work that is not concise and to the point, then marks may be reduced. The reports should be well written (and word-processed), showing good skills in creativity and design. Sentences should be of an appropriate length and the writing style should be brief but informative. The deadline for the complete Portfolio is the 30.04.2020.
Task 1 – SOP for PenTesting
Task 1 is weighted at 50% of the overall portfolio mark. It is expected that this task of the portfolio will be the equivalent of 2000 words. You are expected to undertake research and critically compare the published penetration testing methodologies. You are expected to comment on the statutory and ethical considerations of a penetration tester. You are expected to design/develop a Standard Operating Procedure (SOP), including a decision-making tree, to describe how you will undertake task 2. In particular: intelligence gathering (target profiling), vulnerability identification and analysis, and target exploitation (including post exploitation). An SOP is defined as a set of step-by-step instructions compiled by an organisation to help workers carry out routine operations.
The DRAFT deadline for Task 1 is on the 12.03.2020 by electronic submission via Canvas. Your draft submission will be submitted via a plagiarism detection tool called Turnitin. Turnitin provides you individual feedback by enabling you to see where your work matches similar texts, you will also receive an overall ‘similarity score’ (i.e., a percentage of how much your work matches existing texts). You should use the feedback Turnitin provides to avoid unintentional plagiarism. Additionally, your work may be used as an example for the general feedback session. This session will provide the class with common mistakes and how to avoid them. The final copy of Task 1 should be included in the final Portfolio. If you fail to provide references using the Harvard referencing style as per the University regulations, your work will be marked as superficial and is unlikely to obtain a passing grade.
Task 1, Assessment Criteria Mark Available
PenTest Methodology Comparison 10
Statutory and legal consideration of a penetration tester 10
SOP (standard operating procedure) for PenTesting 15
Decision Making Tree for penetration testing depending on the sop in part 3 15
Task 2 – Penetration Test
Task 2 is weighted at 50% of the overall portfolio mark. It is expected that this task of the portfolio will be the equivalent of 2000 words. You are expected to conduct a penetration test against a target system that will be provided to you. You are required to present your findings in a factual manner to convince decision makers of a large corporation on business strategies. Do not provide a narrative of your intelligence gathering activities in the main report. You should include this in an appendix. You can use the VPN for undertaking this activity.
There is no DRAFT deadline for this Task. The FINAL deadline for Task 2 and for the WHOLE portfolio is on the 30.04.2020 by electronic submission via Canvas. If you fail to provide references using the Harvard referencing style as per the University regulations, your work will be marked as superficial and is unlikely to obtain a passing grade.
Task 2, Assessment Criteria
Group work reflection (Unit 3 – Scheduled practical session)
Attack Narrative (not an activity narrative)
Vulnerability Detail & Mitigation
Submission Requirements:
The Milestone report and Final Portfolio report must be submitted through Canvas. Please make a note of the following dates on your calendars.
You are expected to unify your work into one cohesive portfolio report. The final portfolio report is an academic report and as such the following report structure is expected:
3.References: one fused reference list. Do not have a separate reference list for each task of the portfolio,
You are required to submit the final portfolio report via Canvas in a PDF format using your student ID as the file name. This is imperative as the naming template will be used for corroborating the work in your reports with the log files your PenTest activities will generate
Please see the overall grade description on the last page of this document and the rubric published on Canvas.
A note to the Students:
·For undergraduate modules, a score above 40% represent a pass performance at honours level.
·For postgraduate modules, a score of 50% or above represents a pass mark.
·Modules may have several components of assessment and may require a pass in all elements. For further details, please consult the relevant Module Guide or ask the Module Leader.