Index
This was a third year module teaching penetration testing in the context of web applications, in addition to what cloud services are, different deployment models, frameworks, virtualisation, and threats.
Module Overview
The first part of the module was really poorly taught by Dr. Nawfal Al Hashimy, and I found offered little useful value. Poor teaching efforts were brought forward as a module complaint, which the University eventually acknowledged and a poor apology was issued.
The second half of the module, which focused on the penetration testing and exploits of real vulnerabilities, however, was much better taught and provided clear specifications and goals as part of the coursework.
Courseworks
The first coursework focused on mapping out a company's assets and talking through the attack steps we could take. There were also questions around SLAs, and different types of cloud.
The second and third coursework focused on an offensive security test using Burp Suite, followed by patching a PHP application written with the Fat-Free Framework to harden and prevent several popular exploits.
LaTeX Notes
Notes for this module were originally taken in \(\LaTeX\), and I haven't yet (nor probably will) have time to port them to this format. Please find the PDF of these notes here.