COMPX519-22B (HAM)

Malware Analysis and Penetration Testing

15 Points

Division of Health Engineering Computing & Science
School of Computing and Mathematical Sciences
Department of Computer Science

Staff


Convenor(s)

Lecturer(s)

Administrator(s)

: buddhika.subasinghe@waikato.ac.nz

Placement/WIL Coordinator(s)

Tutor(s)

Student Representative(s)

Lab Technician(s)

Librarian(s)

: alistair.lamb@waikato.ac.nz

You can contact staff by:

  • Calling +64 7 838 4466 select option 1, then enter the extension.
  • Extensions starting with 4, 5, 9 or 3 can also be direct dialled:
    • For extensions starting with 4: dial +64 7 838 extension.
    • For extensions starting with 5: dial +64 7 858 extension.
    • For extensions starting with 9: dial +64 7 837 extension.
    • For extensions starting with 3: dial +64 7 2620 + the last 3 digits of the extension e.g. 3123 = +64 7 262 0123.

Paper Description


In the practical cyber security landscape, two main complementary approaches have evolved: offensive security and defensive security. In this paper we will cover the defensive security topic of malware analysis to understand, analyse and detect malicious code. We will further cover the offensive security techniques of SQL injection and cross-site scripting in depth, which are useful when performing penetration testing. Knowledge of such offensive and defensive security approaches is an essential part of software engineering too.

The learning outcomes for this paper are linked to Washington Accord graduate attributes WA1-WA11. Explanation of the graduate attributes can be found at: https://www.ieagreements.org/


Paper Structure

The paper is taught through lectures, which may be online or in-person; in either case, class attendance is expected. Recorded lectures will be available on Moodle. The course notes provided are not comprehensive; additional material will be covered in class. You are responsible for all material covered in class.

Learning Outcomes


Students who successfully complete the paper should be able to:

  • Carry out analysis of modern malware using various industry standard tools [WA2, WA4, WA5]
    Linked to the following assessments:
    Assignment 1: Malware Analysis (1)
    Assignment 2: Malware Analysis (2)
    Online Test (4)
    Weekly Quizzes (5)
  • Learn the disassembly of machine code to construct high-level code [WA1, WA2, WA5]
    Linked to the following assessments:
    Assignment 2: Malware Analysis (2)
    Online Test (4)
    Weekly Quizzes (5)
  • Analyse a web application for security issues [WA1, WA4, WA5]
    Linked to the following assessments:
    Assignment 3: Penetration Testing (3)
    Online Test (4)
    Weekly Quizzes (5)

Assessment


Assessment Components


The internal assessment/exam ratio (as stated in the University Calendar) is 100:0. There is no final exam. The final exam makes up 0% of the overall mark.

The internal assessment/exam ratio (as stated in the University Calendar) is 100:0 or 0:0, whichever is more favourable for the student. The final exam makes up either 0% or 0% of the overall mark.

Component Description | Due Date Time | Percentage of overall mark | Submission Method | Compulsory
1. Assignment 1: Malware Analysis | | 20 | |
2. Assignment 2: Malware Analysis | | 20 | |
3. Assignment 3: Penetration Testing | | 20 | |
4. Online Test | | 30 | |
5. Weekly Quizzes | | 10 | |
Assessment Total: | | 100 | |
Failing to complete a compulsory assessment component of a paper will result in an IC grade

Required and Recommended Readings


Required Readings

Readings are topical, and will be advised during each lecture.

Recommended Readings

Readings are topical, and will be advised during each lecture.

Online Support

All online support will be provided via Moodle. Forums are created for students to ask questions and contribute ideas and topics. The lecture videos will be available on Moodle too.

Workload


Per week:

2 hours - Lectures

10 hours - Assignments and Readings


Linkages to Other Papers

This paper is compulsory for the MCS and PGDip (Cyber Security) programmes.

Prerequisite(s)

Prerequisite papers: (COMPX201 or COMPX241) and COMPX203 and COMPX304

Corequisite(s)

Equivalent(s)

Restriction(s)
