COMPX519-21B (HAM)

Malware Analysis and Penetration Testing

15 Points

Edit Header Content
Division of Health Engineering Computing & Science
School of Computing and Mathematical Sciences
Department of Computer Science

Staff

Edit Staff Content

Convenor(s)

Lecturer(s)

Administrator(s)

: rachael.foote@waikato.ac.nz

Placement/WIL Coordinator(s)

Tutor(s)

Student Representative(s)

Lab Technician(s)

Librarian(s)

: alistair.lamb@waikato.ac.nz

You can contact staff by:

  • Calling +64 7 838 4466 select option 1, then enter the extension.
  • Extensions starting with 4, 5, 9 or 3 can also be direct dialled:
    • For extensions starting with 4: dial +64 7 838 extension.
    • For extensions starting with 5: dial +64 7 858 extension.
    • For extensions starting with 9: dial +64 7 837 extension.
    • For extensions starting with 3: dial +64 7 2620 + the last 3 digits of the extension e.g. 3123 = +64 7 262 0123.
Edit Staff Content

Paper Description

Edit Paper Description Content

In practical cyber security landscape two main complementary approaches have evolved; offensive security and defensive security. In this paper we will cover the defensive security topic of malware analysis to understand, analyse and detect malicious code. We will further cover offensive security techniques of SQL injection and cross site scripting in depth which are useful when performing penetration testing. Knowledge of such offensive and defensive security approaches is an essential part of software engineering.

Edit Paper Description Content

Paper Structure

Edit Paper Structure Content
The paper is taught through lectures. The lectures will also be recorded through Panopto/Zoom and will be available on Moodle.
Edit Paper Structure Content

Learning Outcomes

Edit Learning Outcomes Content

Students who successfully complete the paper should be able to:

  • Understand and appreciate various malware analysis techniques
    Linked to the following assessments:
    Assignment 1: Malware Analysis (1)
    Assignment 2: Malware Analysis (2)
    Online Test (4)
  • Carry out analysis of modern malware using various industry standard tools
    Linked to the following assessments:
    Assignment 1: Malware Analysis (1)
    Assignment 2: Malware Analysis (2)
    Online Test (4)
  • Understand the components of penetration testing
    Linked to the following assessments:
    Assignment 3: Penetration Testing (3)
    Online Test (4)
  • Use various tools and techniques to exploit sql injection and xss vulnerabilities for pen-testing
    Linked to the following assessments:
    Assignment 3: Penetration Testing (3)
    Online Test (4)
Edit Learning Outcomes Content
Edit Learning Outcomes Content

Assessment

Edit Assessments Content

Assessment Components

Edit Assessments Content

The internal assessment/exam ratio (as stated in the University Calendar) is 100:0. There is no final exam. The final exam makes up 0% of the overall mark.

The internal assessment/exam ratio (as stated in the University Calendar) is 100:0 or 0:0, whichever is more favourable for the student. The final exam makes up either 0% or 0% of the overall mark.

Component DescriptionDue Date TimePercentage of overall markSubmission MethodCompulsory
1. Assignment 1: Malware Analysis
15
2. Assignment 2: Malware Analysis
20
3. Assignment 3: Penetration Testing
35
4. Online Test
20
5. Weekly Quizzes
10
Assessment Total:     100    
Failing to complete a compulsory assessment component of a paper will result in an IC grade
Edit Assessments Content

Required and Recommended Readings

Edit Required Readings Content

Required Readings

Edit Required Readings Content
Readings are topical, and will be advised during each lecture.
Edit Required Readings Content

Recommended Readings

Edit Recommended Readings Content
Readings are topical, and will be advised during each lecture.
Edit Recommended Readings Content

Online Support

Edit Online Support Content
All online support will be provided via Moodle. Forums are created for students to ask questions and contribute ideas and topics. The lecture videos will be available on moodle too.
Edit Online Support Content

Workload

Edit Workload Content

Per week:

2 hours - Lectures

10 hours - Assignments and Readings

Edit Workload Content

Linkages to Other Papers

Edit Linkages Content
This paper is compulsory for the MCS and PGDip (Cyber Security) programmes
Edit Linkages Content

Prerequisite(s)

Prerequisite papers: COMPX201, COMPX203 and COMPX304

Corequisite(s)

Equivalent(s)

Restriction(s)

Edit Linkages Content