Course Title: Ethical Hacking for Cyber Security

Part A: Course Overview

Course Title: Ethical Hacking for Cyber Security

Credit Points: 12.00


Course Code




Learning Mode

Teaching Period(s)


City Campus


145H Mathematical & Geospatial Sciences


Sem 1 2006,
Sem 2 2007,
Sem 1 2009,
Sem 2 2010,
Sem 1 2012,
Sem 2 2013,
Sem 1 2015,
Sem 2 2016


City Campus


171H School of Science


Sem 1 2018,
Sem 2 2019,
Sem 1 2021

Course Coordinator: Dr. Matt Skerritt

Course Coordinator Phone: NA

Course Coordinator Email:

Pre-requisite Courses and Assumed Knowledge and Capabilities

This is an elective course that builds on the overview presented in the above courses, and introduces a hands on study of practical methods for assessing the security information systems and services.

It is assumed that students are familiar with the following concepts and technologies:

Foundations of
• TCP/IP and HTTP protocols
• Web technologies such as HTML and JavaScript
• Linux and Windows Operating Systems (at user level)
• Client-server application architecture
• A programming/scripting language (e.g. Java, C#, Perl, Python, PHP, Ruby, JS, BASH, etc).

It is strongly recommended that students familiarize themselves with the basics of security testing methodologies, such as the OSSTMM - Open Source Security Testing Methodology Manual and the OWASP Testing Guide). These are Open Source documents that are compulsory pre-reading for this course.

This course is designed to build on top of this knowledge. Students without a technical foundation may struggle to understand the course content and practical assessments.

Required Prior Study:

INTE1120 Introduction to Information Security
INTE1122 Case Studies in Information Security
INTE1125 Cryptography and Security

COSC1295 Advanced Programming 

Enforced Pre-Requisites: 

INTE1120 or INTE1122 

COSC1295 Advanced Programming 

Course Description

This course focuses on web application and network security. Students will be taught how to think like a hacker and analyse systems in terms of abuse cases rather than use cases. The methodology and technical skills required for penetration testing will be taught in a hands-on practical manner. Students will apply and demonstrate their knowledge in attacking systems within a virtual lab environment. 


You will complete group assignments in penetration testing of a web application and network servers, resulting in an industry style report of weaknesses including appropriate risk assessments. 


A Work Integrated Learning (WIL) experience is included in which your knowledge and skills will be applied and assessed in a real or simulated workplace context and where feedback from industry and/or community is integral to your experience. You will use industry technology (specifically VMware virtualisation software) which simulates an enterprise security system. You will complete individual and group assignments in vulnerability testing of that system resulting in an industry style report of weaknesses to be presented to enterprise management. 

Objectives/Learning Outcomes/Capability Development

On completion of this course you should be able to:

1. Identify common security tools and compare and contrast their features and purpose
2. Perform a realistic penetration test (as part of your assessment)
3. Develop technical skills that will enable you to further advance your knowledge of security assessment through independent study.
4. Recommend and implement common security testing techniques, methodologies and information security management policies and present security findings in industry consensus formats
5. Critically review the risks associated with common information systems
6. Acquire skills to perform security testing in an ethical manner in a wide variety of web technologies

This course contributes to the following Program Learning Outcomes for MC159 Master of Cyber Security:

International Orientation and Strategic Thinking

• Graduates will have a strategic and practical overview of the issues in information security and assurance.

Critical Analysis and Problem Solving

• Evaluate information security risks across diverse service settings including the Internet and WWW based commerce systems, high bandwidth digital communications and funds transfer services,
• Undertake professional careers or postgraduate research in information security or other IT related fields, acquiring the required information needed to identify real world solutions to real world information security problems.


• Graduates will have the ability to communicate both technical and non-technical material in a range of forms (written, electronic, graphic, oral) and to tailor the style and means of communication to different audiences.

Ethical Values

• Graduates will exhibit an ability to appreciate the ethical considerations that inform judgments and decision making in academic and professional settings.

Overview of Learning Activities

A variety of planned student learning experiences will accommodate the learning outcomes envisaged for this course. This includes individual and group activities and laboratory-based learning experiences. 
A presentation format will provide an overview of the specified study area and direct you to foundational, analytical, and evidence-based readings about cryptography and its place in Information Security. Facilitated open discussions will draw on your capacity to solve problems, to think critically and analytically and reflect on your own relevant work and life experiences. 
Individual and group activities, such as in-semester assessments, will provide you with on-going feedback on your progress. An end-of-semester assessment   will complement this aspect of your learning. 

In-semester assessments may take the form of homework assignments,  class tests and/or computer-based project work.  Presentation of project work may also form part of the assessment. The assessments will reinforce the material covered in lectures and in your personal study. Your capacity to solve problems and to think critically and analytically will also be addressed through problems presented in lectorials and facilitated seminars. In-semester assessments will emphasize the role of ethics in the academic arena. You will be expected to understand the plagiarism policy enforced at RMIT 
The in course and final assessments will test your comprehension of the subject material and your ability to apply this understanding to real world problems. Laboratory projects and the class tests will test your comprehension of the subject material and your ability to apply this understanding to real world problems. 

Overview of Learning Resources

You will be expected to expand on the subject matter provided as lecture notes. This will take the form of accessing various external and internal resources, such as the library and the Internet. References to books, including text and reference books will be provided in class. 

The Internet will be the most important source for academic, technical and white papers and you will be required to use this as a learning resource on a regular basis. In addition, your classmates and tutor/lecturer are also important learning resources as will be demonstrated in facilitated discussions. 

This course is supported online using an online course site , which gives access to important announcements, a discussion forum, staff contact details, the teaching schedule, assessment timelines. You are advised to read your student  e-mail daily for important announcements. You should also visit the course  site at least once a day where you will find important announcements regarding the course and all key documents. 

Overview of Assessment

☒This course has no hurdle requirements.

Assessment Tasks:


Early Discipline based practical individual assessment 

Weighting: 10% 

This assessment task supports CLOs 1,3 & 5 


Discipline based practical Team Assessment (Team Report and Video). 

Weighting 40% 

This assessment task supports CLOs 1-6 


In-class discipline-based practical individual assessment. 


This assessment supports CLOs 1-6