Note: All of the chapters are taken from the required textbook: "The Basics of Hacking and Pen Testing", Patrick Engebretson. Additional links and reading from internet sources will be added.
| Week | Topics | Reading | Publications |
| 1 | Intro: Syllabus, Attacks and Defense Mechanisms [slides], Pen Testing Lab Setup | Ch. 1, 2 from "The Basics of Hacking and Pen Testing" textbook, OWASP Attack Categorization | Trusting Trust |
| 2 | Vulnerability Assessment, Threat Model, STRIDE [slides] Reconnaisance Lab | Ch. 3, Attack Trees | Vulnerability Assessments: The Pro-active Steps to Secure Your Organization |
| 3 | Presentation: "Trusting Trust", Intrusion Detection [slides], Research in Cybersecurity [slides], Lab: Edurange & GENI setup account | Paper 1: The Base-Rate Fallacy and the Difficulty of Intrusion Detection , Paper 2: A Sense of Self for UNIX Processes | |
| 4 | Presentation: "A Sense of Self for UNIX Processes", IDS & IPS [slides], Lab: Scanning with Edurange | Firewalls paper 1 on quantitative study of misconfigurations, paper 2 on next generation firewalls | |
| 5 | Firewalls [slides], Scanning, Firewalls - lab | Linux packet filtering, Mirai Botnet | DDoS Taxonomies |
| 6 | Network Attacks[slides], DDoS Lab | Paper 1 by Staniford: "How to own the Internet in your spare time" Paper 2 by Bellovin: "Security Problems in the TCP/IP protocol suite" | |
| 7 | Network Security Protocols [slides], DDoS Lab, Midterm Review | ch. 4: "Exploitation" (at least up to p. 100) | |
| 8 | Midterm, Network Security Protocols, VPNs [slides] | Remaining ch.4 | |
| 9 | Spring Break | ||
| 10 | Web App Exploits, SQL Injection, XSS (video1, video2, slides) | Paper1 SigFree, Paper2 XSS Filters | |
| 11 | Metasploit, Web exploits; Project progress checkpoint | ch. 6 from textbook | SANS Securing the Human Report 2016, SE framework website: browse all the tabs of the SE framework and write a short summary for each one. |
| 12 | Stack exploits [slides] | ch. 5 | |
| 13 | Social Engineering [slides], SE framework, Maltego tutorial | HIPAA paper 1, Risk Assessment paper 2 | |
| 14 | Legal, Ethical, Professional issues [slides], Security Management and Risk Assessment[slides]; Project Q\&A | SANS Security controls paper (read up to p. 15) | |
| 15 | Security controls, plans and procedures[slides], NO CLASS April 26! | Class and homework review slides | |
| 16 | Final Exam on May 3, 6-9 pm: Project Presentations |