Ethical Hacking and Penetration Testing
2010-2011 - IMT3491 - 5 ECTS

On the basis of

IMT2282 Operating systems

Expected learning outcomes

The course will address the methodology of penetration testing, learning how penetration tests are
constructed and experimenting with penetration testing tools in the laboratory. The course will look at
vulnerabilities in software both at server and client side, with a high focus on network applications.

The students should after the end of the course have a good overview of how an effective penetration test
should take place and of the threats that exists towards software, networks, and network services. A
deeper analysis and a set of practical exercises will be the foundation for a deeper understanding into
some specific security vulnerabilities that exists.


  • Ethical Hacking and Penetration Testing – definitions
  • Penetration Testingx¨ Methodologies
  • Password attacks
  • Privilege escalation
  • Network mapping
  • Software vulnerabilities
  • Web application problems
  • XSS, parameters, persistence
  • SQLinjection
  • Data mining
  • Fuzzing

Teaching Methods

Group works
Laboratory work

Form(s) of Assessment

Written exam, 2 hours
Evaluation of Project(s)

Form(s) of Assessment (additional text)

  • Written exam (51%), depending on the number of students the exam might be oral
  • Project work (49%)
  • Both parts must be passed

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Evaluation by the lecturer and external examiner

Re-sit examination

Ordinary re-sit examination

New project(s) at next course dates

Examination support


Coursework Requirements

2 approved exercises

Teaching Materials

Articles and book chapters. Specifics to be announced at course start.

Additional information

In case there will be less than 5 students that will apply for the course, it will be at the discretion of Studieprogramansvarlig whether the course will be offered or not an if yes, in which form.