Unit Outline
ZAT215
Offensive Cyber Security and Penetration Testing
Semester 1, 2024
Lachlan Hardy
University College
College of Business and Economics
CRICOS Provider Code: 00586B
Unit Coordinator
Lachlan Hardy
Email: Lachlan.Hardy@utas.edu.au
 
What is the Unit About?
Unit Description
This unit introduces you to the practical approaches taken in penetration testing – simulating aggressors in a cyber security penetration testing environment. The unit will be practical task focused and allow you to explore the penetration testing process from inception to completion with a focus on three key areas: legal and ethical considerations; conducting simulated penetration testing; and reporting findings. This unit builds on concepts of learning through practice in Year 1 of study by introducing you to more complex learning experiences. You will be introduced to: - discipline-based skills and knowledge in dynamic practice situations. This will include authentic and purposeful, industry-related experiences - concepts of managing effective relationships and communicating with others - the development and use of adaptive leadership skills and how these skills relate to innovative and entrepreneurial practice - the nature of responsible, accountable and reflective workplace skills, and creative and critical thinking relevant to para-professional practice. You will exercise self-awareness, initiative and judgement to manage yourself and professional relationships effectively.
Intended Learning Outcomes
As per the Assessment and Results Policy 1.3, your results will reflect your achievement against specified learning outcomes.
On completion of this unit, you will be able to:
1.
1. Analyse the legal and ethical aspects of offensive cyber security
2.
2. Apply the basic steps of penetration testing
3.
3. Communicate information from a penetration testing process
Requisites
REQUISITE TYPE
REQUISITES
Anti-requisite (mutual excl)
ZAT205
Alterations as a result of student feedback
To Be Determined
 
 
Teaching arrangements
ATTENDANCE MODE
TEACHING TYPE
LEARNING ACTIVITY
CONTACT HOURS
FREQUENCY
Online
Tutorial (Online)
Two-hour tutorials weeks 1 - 3 and 5 – 9 and 10 - 12
2
StudyPeriod 11 times
Attendance / engagement expectations
If your unit is offered On campus, it is expected that you will attend all on-campus and onsite learning activities. This is to support your own learning and the development of a learning community within the unit. If you are unable to attend regularly, please discuss the situation with your course coordinator and/or our UConnect support team.

If your unit is offered Online, it is expected you will engage in all those activities as indicated in the Unit Outline, including any self-directed learning.

If you miss a learning activity for a legitimate reason (e.g., illness, carer responsibilities) teaching staff will attempt to provide alternative activities (e.g., make up readings) where it is possible.
 
 
 
 
How will I be Assessed?
 
For more detailed assessment information please see MyLO.
Assessment schedule
ASSESSMENT TASK #
ASSESSMENT TASK NAME
DATE DUE
WEIGHT
LINKS TO INTENDED LEARNING OUTCOMES
Assessment Task 1:
Penetration Testing Agreement
Week 4
30 %
LO1, LO2, LO3
Assessment Task 2:
Testing in SImulated Environments
Week 11
40 %
LO1, LO2, LO3
Assessment Task 3:
Debrief and Report
Week 14
30 %
LO1, LO2, LO3
 
Assessment details
    
Assessment Task 1: Penetration Testing Agreement
Task Description:
You will apply your knowledge of the penetration testing process to create a penetration testing agreement. You will identify the correct tools and techniques, relevant legal and ethical considerations, and relevant processes for the client. You will only consider these things from the technical perspective in writing your penetration testing agreement.

Task Length:
Maximum of 8 A4 pages
Due Date:
Week 4
Weight:
30 %
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Develop logical and structured client focused documentation
LO3
2
Analyse ethical aspects of client focused penetration testing
LO1
3
Analyse legal aspects of client focused penetration testing
LO1
4
Analyse technical aspects of client focused penetration testing
LO2
5
Apply discipline knowledge to plan a penetration test
LO2
 
Assessment Task 2: Testing in SImulated Environments
Task Description:
In pre-approved simulated environments you will conduct a penetration testing process. You will write a report that describes the techniques that you have used and the outcomes of the testing process.
You will also include a self-reflection report as a separate document that details your strengths and weaknesses in the process.

Task Length:
Penetration testing report: Maximum of 2000 Words Self-reflection document: Maximum 500 Words
Due Date:
Week 11
Weight:
40 %
 
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Describe the penetration testing plan and processes
LO2
2
Apply penetration testing techniques to find appropriate information in a system
LO2
3
Develop client focused documentation to report a penetration testing process
LO3
4
Communicate ideas, information, and key findings from the testing process
LO3
5
Engage in reflective practice to evaluate strategies and future considerations for penetration testing
LO1
 
Assessment Task 3: Debrief and Report
Task Description:
You will be provided with a technical penetration testing report and you will write a client debrief. The debrief will detail what was done during the penetration testing process, what vulnerabilities were found and how they were found, and any recommendations.

Task Length:
Maximum 2500 words
Due Date:
Week 14
Weight:
30 %
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Interpret and analyse penetration testing documentation
LO2
2
Develop client focused industry-based documentation
LO3
3
Evaluate tools, techniques, and processes for legal and ethical purposes
LO1
4
Develop cyber security recommendations based on industry best practice
LO3
5
Communicate technical information to a broad audience
LO3
 
 
 
How your final result is determined
To pass this unit, you need to demonstrate your attainment of each of the Intended Learning Outcomes, achieve a final unit grade of 50% or greater, and pass any hurdle tasks.
 
Submission of assignments
Where practicable, assignments should be submitted to an assignment submission folder in MYLO. You must submit assignments by the due date or receive a penalty (unless an extension of time has been approved by the Unit Coordinator). Students submitting any assignment in hard copy, or because of a practicum finalisation, must attach a student cover sheet and signed declaration for the submission to be accepted for marking.
 
Requests for extensions
If you are unable to submit an assessment task by the due date, you should apply for an extension.
 
A request for an extension should first be discussed with your Unit Coordinator or teaching support team where possible. A request for an extension must be submitted by the assessment due date, except where you can provide evidence it was not possible to do so. Typically, an application for an extension will be supported by documentary evidence: however, where it is not possible for you to provide evidence please contact your Unit Coordinator.
 
The Unit Coordinator must notify you of the outcome of an extension request within 3 working days of receiving the request.
Late penalties
Assignments submitted after the deadline will receive a late penalty of 5% of the original available mark for each calendar day (or part day) that the assignment is late. Late submissions will not be accepted more than 10 calendar days after the due date, or after assignments have been returned to other students on a scheduled date, whichever occurs first. Further information on Late Penalties can be found on the Assessments and Results Procedure.
 
Review of results and appeals
You are entitled to ask for a review of the marking and grading of your assessment task if there is an irregularity in the marking standards or an error in the process for determining the outcome of an assessment. Details on how to request a review of a mark for an assignment are outlined in the Review and Appeal of Academic Decisions Procedure.
 
 
 
Required Resources
Required reading materials
 
 
Recommended reading materials
 
 
Other required resources
A student subscription to TryHackMe