This document provides details about the INT 245 Penetration Testing course. The course focuses on necessary skills for jobs in security, including footprinting, vulnerability scanning, system hacking, and penetration testing reports. Assessments include class tests, practical exams on topics like SQL injection and XSS, and a final integrated report. The course aims to help students understand rules of engagement, identify vulnerabilities, conduct ethical hacking, and suggest improvements. It contributes directly to student placements and involves skills like problem analysis, design, investigations, and tool usage. Recommended MOOCs could provide full or partial exemptions. Career prospects for students include positions as penetration testers in applications, cybersecurity, and networks.

1. INT 245
Penetration testing
Lecture 0

2. Course details
• LTP – 2 0 2
• Text Books
THE HACKER PLAYBOOK 2: PRACTICAL GUIDE TO PENETRATION TESTING by
PETER KIM, CREATESPACE INDEPENDENT PUBLISHING PLATFORM
• References:
COMPTIA PENTEST+ STUDY GUIDE: EXAM PT0-002, 2ND EDITION by MIKE
CHAPPLE, DAVID SEIDL, WILEY

3. STAR COURSE
This course is considered as a Star course because it has direct
contribution to the placements of students. It focuses on necessary skills
required for various job profiles in a company.

4. Course Outcomes
• Through this course students should be able to:
CO1 ::understand rules of engagement for safely conducting the penetration
Testing exercise within an organization
CO2 ::identify various footprinting techniques to enumerate a target
CO3 :: enumerate a vulnerability scan strategy in-line with organizational in-
scope requirements
CO4 :: demonstrate web application and mobile device exploitation using
different attacks
CO5 :: determine techniques used to conduct system hacking and launch
exploit code for remote access of a target
CO6 :: : illustrate different testing deliverables out of penetration testing
reports and suggest post corrective actions

5. Program Outcomes as specific to the particular course
• PO-1:Engineering knowledge::Apply the knowledge of mathematics, science, engineering fundamentals, and an engineering
specialization to the solution of complex engineering problems.
• PO-2: Problem analysis::Identify, formulate, research literature, and analyze complex engineering problems reaching substantiated
conclusions using first principles of mathematics, natural sciences, and engineering sciences.
• PO-3:Design/development of solutions::Design solutions for complex engineering problems and design system components or
processes that meet the specified needs with appropriate consideration for the public health and safety, and the cultural, societal, and
environmental considerations.
• PO-4:Conduct investigations of complex problems::Use research-based knowledge and research methods including design of
experiments, analysis and interpretation of data, and synthesis of the information to provide valid conclusions.
• PO-5: Modern tool usage::Create, select, and apply appropriate techniques, resources, and modern engineering and IT tools
including prediction and modeling to complex engineering activities with an understanding of the limitations
• PO-8:Ethics::Apply ethical principles and commit to professional ethics and responsibilities and norms of the engineering practice.
• PO-9:Individual and team work::Function effectively as an individual, and as a member or leader in diverse teams, and in
multidisciplinary settings.
• PO-12: Life-long learning::Recognize the need for, and have the preparation and ability to engage in independent and life-long
learning in the broadest context of technological change.
• PO-13: Competitive Skills::Ability to compete in national and international technical events and building the competitive spirit

6. Revised Bloom’s Taxonomy

7. The course
contents

8. List of practicals
• Introduction to Nmap: Basic commands of Nmap, System scanning using nmap,
interpretation of gathered information using nmap
• Vulnerability Scanning: System vulnerability scanning, identification of
vulnerabilities
• Introduction to Metasploit: Introduction to the tool, basic commands for
searching, selection, parameter configurations and deployment of exploits
• System Exploitation: Exploitation of Windows XP system using known
vulnerabilities
• Spoofing: Exploiting systems using IP Spoofing and Mac Spoofing
• Cross Site Scripting (XSS): Introduction to cross site scripting, identification of
websites vulnerable to cross site scripting
• XSS vulnerabilities identification: Identification of XSS vulnerabilities in the
websites and the way they could be exploited
• XSS Exploitation: Exploitation of XSS vulnerabilities using javascript
• SQL Injection: Introduction to SQL injection, Automated SQL injection using
SQLmap
• Manual SQL Injection: Demonstration of manual SQL injection attacks

9. Relevant resources
• Microsoft Word - NetCat_Intro.doc (tue.nl)
• Metasploit Course | Cybrary
• Scanning and Enumeration with NMAP Course | Cybrary
• Web Application Penetration Testing Course by Cydefe | Cybrary
• https://s3-us-west-2.amazonaws.com/stationx-public-
download/nmap_cheet_sheet_0.6.pdf
• What is SQL Injection? Tutorial & Examples | Web Security Academy
(portswigger.net)
• https://davidbombal.com/wireshark-tutorial-installation-and-
password-sniffing/
• https://www.exploit-db.com/google-hacking-database

10. Course Assessment Model
• Marks break up
• Attendance 5%
• CA 25%
• MTE 20%
• ETE 50%
• Total 100%
Three Class test – One before MTE and Two after MTE
CA 1-MCQs based questions-30 marks objective type questions carrying 1 mark each with no
negative marking
CA 2- BYOD practical-Based on CompTIA Pentest+ certification (one Practical question, job-
evaluation -15 marks and viva -15 marks )
CA 3- BYOD practical-30 Marks practical test. (Generating integrated Penetration testing report
on information gathering phase[5marks],scanning phase[10marks], exploiting the target [10 marks] and
suggesting remediation steps [5marks])

11. Recommended MOOCs course
Course
Code
Name of
MOOCs/Certifications LINK CA BENEFIT
INT245 CompTIA Pentest+ https://www.comptia.org/certifications/pentest Full course exempted
INT245
Beingcert Certified
Pentest Professional
https://www.beingcert.com/Certification/certified-
pentest-professional
All CAs +MTE
exempted
INT245
C|PENT(Certified Penetration
testing Professional)
https://www.eccouncil.org/train-certify/certified-
penetration-testing-professional-cpent/ Full course exempted
INT245
Cyber Security and
Privacy https://onlinecourses.nptel.ac.in/noc23_cs127/preview One CA exempted

12. Career prospects of Penetration Tester
• Application Penetration Tester
• Cyber Security Penetration Tester
• Network Penetration Tester
• Remote Penetration Tester