Unec 1749060905

The document outlines the working curriculum for a course on Penetration Testing at Azerbaijan State University of Economics for the academic year 2025/2026. It includes course details such as objectives, teaching methodologies, learning outcomes, and a comprehensive list of topics and resources related to penetration testing. The course aims to equip students with knowledge and skills to identify and mitigate vulnerabilities in web applications and networks.

Azerbaijan State University of Economics (UNEC)

Approved by: Head of the Department of “Digital Economy and AI”


Akad. Abbasov A.M.
---- ---- 2025 y.

Working curriculum on the subject of Penetration Testing

(syllabus)
I. Information about the subject
Item Code: - 01001
Type of item: required
Year of study: 2025/2026
Semesters of study of the subject: spring
Faculty: Digital Economics
Group: 585-I
Academic load: 60 hours (lectures/seminars: 30/30)
Forms of study: full-time, part-time
Number of credits: 5
Department: Digital Communication and Applied Informatics
II. Information about the teacher
Teacher (UNEC): Aflatun Mammadov
E-mail: aflatunmasimoglu@gmail.com, aflatun_mammadov@unec.edu.az
Work phone: 012 478 37 37; mobile phone: 050 288 39 39;
III. Description of the subject
The course reviews the chronology of the Internet's development and its
advantages and disadvantages, and presents the main organizational bodies that
coordinate Internet standardization. It describes the TCP/IP protocol stack and
its operation, together with the addresses used to identify network interfaces,
and explains in detail the structure and principles of the WWW and of the
application-level Internet protocols.
The course gives general information, descriptions and recommendations for
preventing the main vulnerability classes according to the OWASP classification.
Special attention is paid to one of the most common and widely publicized types
of attack, distributed denial of service (DDoS).
Various attacks on web systems are also examined in detail: cross-site scripting
(XSS), SQL injection, password brute force and unprotected resources.
The key stages of providing remote access via SSH protocol, which is used for
remote management of user data on the server, running service commands,
working in console mode with databases, as well as for creating tunnels - a
secure logical connection between two network nodes, are considered.
The safe installation and configuration of an FTP server for Windows operating
systems is considered, which provides users with the ability to connect and
perform various actions with files and folders stored on the server: download,
upload, create, edit, rename, delete, assign access rights.
A separate topic is the set of rules for protecting modern web applications and
for securing the application architecture. The course analyzes an effective way
to decide in which order code should be reviewed for security holes and how to
search for vulnerabilities caused by logic errors.
Methods and processes for protecting against XSS, DoS, CSRF and XXE attacks
are considered in detail.
In an SQL injection, an SQL fragment is smuggled inside the HTTP request, which
makes it possible to execute the desired SQL query on behalf of the user.
Understanding such an injection requires understanding how the application
works: the injected text usually takes effect when server-side code builds a
query by adding text that its parser extracted from the client's HTTP request.
The first measure against DoS-type attacks should be a comprehensive logging
system on the server. Every request should be recorded together with the time
it took to respond. In addition, you should explicitly log the performance of
any asynchronous job, such as a backup that is started through the API but runs
in the background and produces no response when it completes. This makes it
possible to detect any attempt, accidental or malicious, to exploit a
vulnerability for a DoS attack.
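An added example, not from the syllabus, of the logging measure just described: every request and background job is recorded with its duration, and a review pass over the log flags slow requests and per-client request bursts. The log entries, client addresses and thresholds are constructed for illustration.

```python
import time
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Entry:
    ts: float        # wall-clock time (epoch seconds) when the work started
    client: str      # source address taken from the HTTP request
    kind: str        # "request" for HTTP requests, "job" for background jobs
    name: str        # request path, or the name of the asynchronous job
    duration: float  # seconds until the response was sent or the job finished


class ActivityLog:
    """Records every request and every background job with its duration."""

    def __init__(self):
        self.entries = []

    def timed(self, client, kind, name, func, *args):
        """Run func(*args), record how long it took, and return its result.
        Jobs started through the API but finished in the background are
        recorded the same way, since they produce no HTTP response."""
        started_at = time.time()
        clock = time.monotonic()
        try:
            return func(*args)
        finally:
            self.entries.append(
                Entry(started_at, client, kind, name, time.monotonic() - clock))


def find_anomalies(entries, slow_seconds=2.0, window_seconds=10.0, burst_count=20):
    """Flag slow requests and per-client request bursts; list background jobs
    separately so their durations can be compared with what is expected."""
    slow_requests = [e for e in entries
                     if e.kind == "request" and e.duration >= slow_seconds]
    jobs = [e for e in entries if e.kind == "job"]

    times_by_client = defaultdict(list)
    for e in entries:
        if e.kind == "request":
            times_by_client[e.client].append(e.ts)

    bursts = {}
    for client, times in times_by_client.items():
        times.sort()
        left, peak = 0, 0
        for right in range(len(times)):   # sliding window over sorted timestamps
            while times[right] - times[left] > window_seconds:
                left += 1
            peak = max(peak, right - left + 1)
        if peak >= burst_count:
            bursts[client] = peak
    return {"slow_requests": slow_requests, "bursts": bursts, "jobs": jobs}


def sample_entries():
    """Constructed sample log: one client hammering a slow search endpoint,
    one ordinary client, and one backup job started through the API."""
    entries = [Entry(1000.0 + 0.1 * i, "203.0.113.7", "request", "/search", 3.5)
               for i in range(30)]
    entries += [Entry(1000.0 + 12.0 * i, "198.51.100.2", "request", "/", 0.1)
                for i in range(5)]
    entries.append(Entry(1001.0, "198.51.100.2", "job", "backup", 45.0))
    return entries


def analyze_sample():
    return find_anomalies(sample_entries())
```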
The main software tools for analyzing the security of web applications and for
securing a web server are analyzed in detail. Web application security
verification includes an active analysis of the application for any kind of
weakness, technical flaw or vulnerability.
IV. The purpose and objectives of the subject
The main purpose of the course is to familiarize students with information
related to penetration testing, error detection and any other security work at
the Web application level.
Students are also taught how to apply this knowledge when searching for
vulnerabilities, developing methods of exploiting them, prioritizing
compromised data and providing means to protect it, and they study in depth the
options for exploiting vulnerabilities both at the code level and at the
architecture level. To follow the course "Penetration Testing" effectively,
knowledge at the level of the secondary-school computer science course and the
course "Computer Technology and Programming" is sufficient.
This course also introduces the latest achievements in the field of web
application security and attacks, and the countermeasures available through
custom scripts, network requests and the tools included in the standard package
of operating systems, as well as the standard tools built into the main web
browsers (Chrome, Firefox and Edge).
V. Methodology of teaching the subject
A wide range of teaching and training methods is used: lectures, interactive
discussions, projects carried out in teams, work in small groups, business
games, analysis and study of specific samples (case study), presentations on
free topics and test tasks.
Students should be able to search for the necessary data, organize, process,
analyze and evaluate it, and disseminate information in accordance with their
goals. This ability should give students the opportunity to:
• successfully pursue lifelong education (including educational services
delivered over the Internet);
• prepare for their chosen professional activity;
• live and work in an information society and a knowledge-based economy.
Special attention will be paid to new teaching methods:
• Internet technologies - communication by e-mail and the Virtual University
system;
• information technology - direct use of a computer and electronic materials;
• information and communication technologies - presentations, interactive
tests, video tutorials.
VI. Learning outcomes
After completing the course and mastering all the topics, students should
know:
• The technical components and structure of a web application and the services
that support its operation; how the client and server parts of an application
relate to each other, and their architecture; the behavior of the application
on the server, on the client side and on the network; which technologies make
the application work at each of these three levels; and where the weaknesses
of various databases, client technologies and network protocols lie.
• Be able to identify weaknesses in the application architecture at the stage of
preliminary data collection. When searching for vulnerabilities, focus primarily
on poorly designed functionality. Functionality equipped with good protective
mechanisms remains more resistant to attempts to bypass filtration systems.
• At the stage of preliminary data collection for the purpose of mapping an
application, it is necessary to take into account the overall architecture of its
security system. Architecture analysis will not only show the direction of
vulnerability search, but will also be able to help identify weaknesses in future
functionality.
• Cross-site scripting (XSS), its types and manifestations, and how XSS
vulnerabilities are detected. The use of advanced coding techniques to prevent
cross-site scripting, including a centralized function for adding data to the
DOM so that sanitization is a standard operation performed for the entire
application. Take into account the common sinks for DOM XSS and, if they are
not required, sanitize or block them.
• Cross-Site Request Forgery (CSRF): how the trust relationship between the
browser, the user and the web server/API works and how its abuse manifests
itself. Methods to protect against cross-site request forgery and to eliminate
or reduce the risk of CSRF in a web application, implemented at the design or
coding stage.
• Attack on external XML entities (XXE attack). XXE attacks are possible due to
the existence of an insufficiently protected standard. Forms of protection against
XXE attacks.
• Countering SQL code injection. Timely detection of vulnerabilities
and taking protective measures reduce the likelihood that your web application
will be attacked with SQL injection. The main SQL databases offer measures to
prevent code injection, but low–quality application architecture and incorrectly
written client-server interaction code still leave room for this vulnerability.
Building a code base in accordance with the principle of minimum privileges will
help the application minimize damage in the event of a hack. An application
designed with security requirements in mind will never allow the client (user) to
provide a request or command to be executed on the server.
• One of the most popular and widely advertised types of attack is distributed
denial of service (DDoS). This is a type of denial of service (DoS) in which a large
network of devices floods the server with requests, slowing down its operation
and interfering with legitimate users. The probability of a DoS attack can be
reduced due to a well-designed application architecture that does not allow
users to seize resources for a long time. ReDoS-type attacks related to malicious
regular expressions can be mitigated by configuring a static analysis tool (for
example, linter) to scan regular expressions in the codebase and warn if
syntactically they look like "evil".
• Protection of third-party dependencies in web applications. By applying the
principle of minimum privileges, you can allow certain dependencies to run on
their own server, or at least in their own environment with isolated server
resources. This reduces the risk of compromising the rest of the application if a
serious security hole is discovered or if an undetected malicious script is
triggered.
Must be able to:
• Use a combination of methods to increase the chances of detecting and
eliminating serious security vulnerabilities before they are discovered and
exploited by hackers.
• Identify different ways to search for vulnerabilities in the code base of web
applications, their manifestations and ensuring the security of computer
systems.
• Identify weaknesses in the application architecture at the stage of preliminary
data collection.
• See weaknesses in various databases, client technologies and network
protocols.
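The learning outcome on ReDoS above calls for a static check that warns when a regular expression looks "evil". As an added example that is not part of the syllabus, a small heuristic linter in Python: it flags a quantified group that itself contains an unbounded quantifier (the `(a+)+` shape) and scans constructed sample source for `re.` calls. The sample source and the regex-call extraction rule are assumptions for illustration; overlapping alternations such as `(a|a)+` are outside this heuristic.

```python
import re

# Constructed sample source file; lines 3 and 4 carry nested quantifiers.
SAMPLE_SOURCE = r'''import re
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$")
CSV = re.compile(r"^(\w+,?)+$")
WORDS = re.compile(r"(\s*\w+)*$")
def first_token(s):
    return re.match(r"^(a|b)+c$", s)
'''

# First string argument of the common re.<function>( calls (assumed convention).
CALL_RE = re.compile(
    r"""re\.(?:compile|match|search|fullmatch|findall|finditer|sub|split)"""
    r"""\(\s*[rR]?(["'])(.*?)\1""")


def _unbounded_quantifier_at(pattern: str, j: int) -> bool:
    """True if an unbounded quantifier (*, + or {n,}) starts at index j."""
    if j >= len(pattern):
        return False
    if pattern[j] in "*+":
        return True
    return re.match(r"\{\d+,\}", pattern[j:]) is not None


def has_nested_quantifier(pattern: str) -> bool:
    """Heuristic ReDoS check: a group containing an unbounded quantifier that
    is itself followed by an unbounded quantifier, e.g. (a+)+ or (\s*\w+)*.
    Escapes are skipped and quantifier characters inside [...] are literals."""
    stack = []          # one flag per open group: does it contain an unbounded quantifier?
    in_class = False
    i, n = 0, len(pattern)
    while i < n:
        c = pattern[i]
        if c == "\\":
            i += 2      # skip the escaped character
            continue
        if in_class:
            in_class = c != "]"
        elif c == "[":
            in_class = True
        elif c == "(":
            stack.append(False)
        elif c == ")":
            if stack:
                inner = stack.pop()
                quantified = _unbounded_quantifier_at(pattern, i + 1)
                if inner and quantified:
                    return True
                if stack and (inner or quantified):
                    stack[-1] = True   # the parent group now contains an unbounded repeat
        elif c in "*+{" and _unbounded_quantifier_at(pattern, i):
            if stack:
                stack[-1] = True
        i += 1
    return False


def lint_source(source: str):
    """Return (line_number, pattern) for every regex literal that looks evil."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in CALL_RE.finditer(line):
            pattern = m.group(2)
            if has_nested_quantifier(pattern):
                findings.append((lineno, pattern))
    return findings
```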
VII. Prerequisites
A preliminary study of the course "Computer Technology and Programming" is
required.
Prerequisites
No related subjects are required.

VIII. Lectures of the curriculum


Topic 1. Introduction to Penetration Testing.
Topic 2. Ethical Hacking vs. Penetration Testing.
Topic 3. Penetration Testing Methodologies (OWASP, PTES, NIST).
Topic 4. Reconnaissance and Information Gathering.
Topic 5. Footprinting and Scanning Techniques.
Topic 6. Network and Web Application Vulnerabilities.
Topic 7. Common Penetration Testing Tools (Nmap, Metasploit, Burp Suite).
Topic 8. Social Engineering in Penetration Testing.
Topic 9. Exploiting Vulnerabilities (Buffer Overflows, SQL Injection).
Topic 10. Post-Exploitation Techniques.
Topic 11. Privilege Escalation Techniques.
Topic 12. Wireless Network Penetration Testing.
Topic 13. Penetration Testing Report Writing.
Topic 14. Penetration Testing Legal and Ethical Considerations.
Topic 15. Security Best Practices and Remediation Strategies.

IX. Lecture texts on the subject


Lecture texts, discussion questions and tasks, as well as various other
educational materials, are available on the University's website in the section
"Virtual University" (www.vu.aseu.az).
All tests are based on these lectures.
X. Literature and materials.
Here is a comprehensive list of literature and resources for penetration
testing that provide both foundational knowledge and hands-on practical
skills:
Books:
1. "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia
Weidman
o This book offers a practical, hands-on approach to penetration
testing, providing real-world exercises for beginners.
o Link: Amazon
2. "The Web Application Hacker's Handbook" by Dafydd Stuttard & Marcus
Pinto
o This in-depth guide focuses on testing web applications for security
flaws, exploring methods like SQL Injection and Cross-Site Scripting
(XSS).
o Link: Amazon
3. "The Hacker Playbook" Series by Peter Kim
o These books provide step-by-step guides for penetration testing and
hacking techniques, making them useful for both beginners and
experienced professionals.
o Link: Amazon
4. "Hacking: The Art of Exploitation" by Jon Erickson
o This book covers the basics of hacking and ethical hacking,
providing insights into programming, exploitation techniques, and
real-world security flaws.
o Link: Amazon
Websites & Resources:
1. OWASP (Open Web Application Security Project)
o Essential resource for web application security testing, including the
OWASP Top 10 and other security best practices.
o Link: OWASP
2. Metasploit Framework
o A leading platform for developing and executing exploits, commonly
used in penetration testing to exploit vulnerabilities.
o Link: Metasploit
3. Kali Linux
o A popular Linux distribution designed for penetration testing, which
comes pre-installed with numerous tools for network scanning,
vulnerability analysis, and more.
o Link: Kali Linux
4. Hack The Box
o A platform providing challenges and virtual machines for learning
penetration testing skills, simulating real-world environments.
o Link: Hack The Box
5. TryHackMe
o An interactive platform offering virtual labs and scenarios for
cybersecurity enthusiasts to practice penetration testing and
hacking techniques.
o Link: TryHackMe
Methodologies:
1. OWASP Testing Guide
o A comprehensive guide to penetration testing web applications,
detailing the phases and techniques used to test for vulnerabilities.
o Link: OWASP Testing Guide
2. PTES (Penetration Testing Execution Standard)
o A framework that outlines a structured penetration testing process,
including reconnaissance, exploitation, and reporting.
o Link: PTES
3. NIST SP 800-115 (National Institute of Standards and Technology Special
Publication 800-115)
o A formal methodology commonly used by federal agencies or
industries requiring compliance with security standards, focusing on
planning, vulnerability scanning, and reporting.
o Link: NIST SP 800-115
4. OSSTMM (Open Source Security Testing Methodology Manual)
o A comprehensive manual for security testing and auditing that
covers network, system, and application security.
o Link: OSSTMM
5. NACHA (National Automated Clearing House Association) Penetration
Testing Guide
o A set of guidelines and methodologies for conducting penetration
testing in payment and financial systems to ensure compliance with
security standards.
o Link: NACHA
Tools:
1. Nmap
o A network scanning tool used for discovering devices on a network,
identifying open ports, and assessing vulnerabilities.
o Link: Nmap
2. Burp Suite
o A suite of tools for testing web application security, particularly for
finding vulnerabilities like SQL Injection and Cross-Site Scripting
(XSS).
o Link: Burp Suite
3. Wireshark
o A network protocol analyzer that helps capture and analyze
network traffic to understand how data flows through a system and
identify communication vulnerabilities.
o Link: Wireshark
4. Nikto
o A web server scanner that detects various vulnerabilities such as
outdated software, configuration issues, and security
misconfigurations.
o Link: Nikto
5. John the Ripper
o A password cracking tool that helps penetration testers assess
password strength by attempting to crack hashed passwords.
o Link: John the Ripper
6. Aircrack-ng
o A tool used for network security testing, specifically for cracking
WEP and WPA-PSK wireless networks.
o Link: Aircrack-ng
Additional Learning Platforms:
1. Offensive Security (OSCP)
o Offensive Security's certification and training programs are widely
regarded in the penetration testing community, particularly the
OSCP (Offensive Security Certified Professional) certification.
o Link: Offensive Security
2. SANS Institute
o Known for offering cybersecurity training programs, including
penetration testing-focused courses like the GPEN (GIAC
Penetration Tester) certification.
o Link: SANS Institute
3. Cybrary
o Offers various cybersecurity courses, including topics on penetration
testing, ethical hacking, and security certifications.
o Link: Cybrary
Other Resources:
1. CVE (Common Vulnerabilities and Exposures)
o A database of publicly disclosed cybersecurity vulnerabilities and
exposures, which penetration testers can use to stay informed on
the latest security threats.
o Link: CVE
2. Exploit-DB (Exploit Database)
o A collection of publicly available exploits, used by penetration
testers to learn about the latest vulnerabilities and how to exploit
them.
o Link: Exploit-DB
This wide list of books, methodologies, tools, and platforms will provide a well-
rounded understanding of penetration testing, from theory to practical
application.
To gain practical skills, as well as to master the trends taking place in the
information economy, students are recommended to get acquainted with such
publications as the International Journal of Information and Communication
Technology Research, Journal of Information Technology Theory And
Application, Journal of Engineering and Technology Management, Information
Technology, Bulletin of Computer and Information Technology, Informatics and
Education. As part of this course, discussions of events will be held in the
classroom in real time.

XI. Content and educational and thematic distribution of topics.

Week 1. Introduction to Penetration Testing
Main content: Penetration testing, also known as ethical hacking, is a proactive
cybersecurity practice where experts simulate attacks on systems, networks, or
web applications to identify vulnerabilities before malicious hackers can
exploit them. By mimicking real-world cyberattacks, penetration testers assess
the security posture of an organization, uncover weaknesses, and evaluate the
potential impact of exploitation. This process helps organizations strengthen
defenses, improve risk management, and meet compliance requirements, ultimately
reducing the chances of a successful cyberattack and safeguarding sensitive data.
Literature: "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia
Weidman (Chapters 1-2); "The Web Application Hacker's Handbook" by Dafydd
Stuttard & Marcus Pinto (Chapters 1-2); OWASP Testing Guide (Introduction,
Penetration Testing Process); PTES (Penetration Testing Execution Standard)
(Sections 1-3)

Week 2. Ethical Hacking vs. Penetration Testing
Main content: Ethical hacking and penetration testing are closely related
concepts, but they have distinct differences. Ethical hacking refers to the
broader practice of using hacking techniques in a legal and authorized manner to
identify vulnerabilities in systems and networks. It encompasses various
activities, including penetration testing, vulnerability assessments, and
security audits. On the other hand, penetration testing is a specific type of
ethical hacking focused on simulating real-world attacks to exploit
vulnerabilities and assess the potential damage. While ethical hackers may use a
variety of methods, penetration testing is often more structured, with clear
objectives and scope defined for testing system defenses.
Literature: "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia
Weidman (Chapters 1-2); "The Web Application Hacker's Handbook" by Dafydd
Stuttard & Marcus Pinto (Chapter 2); OWASP Testing Guide (Introduction); PTES
(Penetration Testing Execution Standard) (Section 1)

Week 3. Penetration Testing Methodologies (OWASP, PTES, NIST)
Main content: Penetration testing methodologies, such as OWASP, PTES, and NIST,
provide structured approaches to conducting security assessments. The OWASP
Testing Guide focuses on web application security, emphasizing the detection of
critical vulnerabilities. PTES outlines a comprehensive seven-phase framework for
penetration testing, from reconnaissance to reporting. NIST SP 800-115 provides
a formal, government-centric methodology, often used for compliance, covering
all aspects from planning to post-test analysis. Each methodology ensures
thorough testing and effective identification of system weaknesses.
Literature: OWASP Testing Guide (Section 1); PTES (Sections 1-2); NIST SP
800-115 (Sections 1-2)

Week 4. Reconnaissance and Information Gathering
Main content: Reconnaissance and information gathering are critical initial
phases of penetration testing, where testers collect data about the target
system to identify potential vulnerabilities. This can include techniques like
network scanning, domain enumeration, and gathering publicly available
information (OSINT). The goal is to map out the target environment, identify
weak points, and prepare for more in-depth exploitation during later phases of
the test.
Literature: "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia
Weidman (Chapters 4-5); "The Web Application Hacker's Handbook" by Dafydd
Stuttard & Marcus Pinto (Chapter 3); OWASP Testing Guide (Section 2); PTES
(Section 2)

Week 5. Footprinting and Scanning Techniques
Main content: Footprinting and scanning techniques involve gathering detailed
information about a target system to identify vulnerabilities. Footprinting
includes collecting data from public sources, such as WHOIS databases or
websites, to map the system's structure. Scanning techniques, like port scanning
or network discovery, are then used to identify open ports, services, and
potential entry points for exploitation, providing a clear picture of the
target's security posture.
Literature: "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia
Weidman (Chapter 4); "The Web Application Hacker's Handbook" by Dafydd Stuttard
& Marcus Pinto (Chapter 4); OWASP Testing Guide (Section 3); PTES (Section 3)

Week 6. Network and Web Application Vulnerabilities
Main content: Network and web application vulnerabilities are security flaws
that can be exploited by attackers to compromise systems. Network
vulnerabilities include issues like open ports, weak firewalls, and unpatched
software. Web application vulnerabilities often involve flaws such as SQL
injection, Cross-Site Scripting (XSS), and insecure authentication methods,
which can expose sensitive data or allow unauthorized access. Identifying and
addressing these vulnerabilities is crucial to safeguarding systems.
Literature: "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia
Weidman (Chapter 6); "The Web Application Hacker's Handbook" by Dafydd Stuttard
& Marcus Pinto (Chapters 4-5); OWASP Testing Guide (Section 4); PTES (Section 4)

Week 7. Common Penetration Testing Tools (Nmap, Metasploit, Burp Suite)
Main content: Common penetration testing tools like Nmap, Metasploit, and Burp
Suite help testers identify and exploit vulnerabilities. Nmap is used for
network discovery and port scanning, Metasploit provides a framework for
exploiting vulnerabilities and testing defenses, while Burp Suite is a web
application testing tool that identifies security flaws like SQL injection and
XSS. These tools are essential for assessing and securing systems effectively.
Literature: "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia
Weidman (Chapter 7); "The Web Application Hacker's Handbook" by Dafydd Stuttard
& Marcus Pinto (Chapter 7); OWASP Testing Guide (Section 5); PTES (Section 5)

Week 8. Social Engineering in Penetration Testing
Main content: Social engineering in penetration testing involves manipulating
individuals to gain unauthorized access to systems or sensitive information.
Testers may use techniques like phishing, pretexting, or baiting to exploit
human behavior and bypass security controls. It helps identify weaknesses in an
organization's security culture, highlighting the need for user awareness and
proper training to defend against such attacks.
Literature: "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia
Weidman (Chapter 9); "The Web Application Hacker's Handbook" by Dafydd Stuttard
& Marcus Pinto (Chapter 8); OWASP Testing Guide (Section 6); PTES (Section 6)

Week 9. Exploiting Vulnerabilities (Buffer Overflows, SQL Injection)
Main content: Exploiting vulnerabilities like buffer overflows and SQL injection
allows attackers to execute malicious actions on a system. Buffer overflows
occur when excess data overwrites memory, enabling attackers to run arbitrary
code. SQL injection exploits weak input validation in web applications,
allowing attackers to manipulate database queries and gain unauthorized access
to data. Both vulnerabilities are critical to identify and mitigate in
penetration testing.
Literature: "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia
Weidman (Chapter 6); "The Web Application Hacker's Handbook" by Dafydd Stuttard
& Marcus Pinto (Chapters 6-7); OWASP Testing Guide (Section 7); PTES (Section 7)

Week 10. Post-Exploitation Techniques
Main content: Post-exploitation techniques focus on actions taken after
successfully compromising a system. These include maintaining access,
escalating privileges, gathering sensitive data, and spreading within a
network. The goal is to assess the depth of a system's vulnerability and the
potential impact of a real-world attack, while also identifying methods to
trace or remove evidence of exploitation.
Literature: "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia
Weidman (Chapter 8); "The Web Application Hacker's Handbook" by Dafydd Stuttard
& Marcus Pinto (Chapter 9); OWASP Testing Guide (Section 8); PTES (Section 8)

Week 11. Privilege Escalation Techniques
Main content: Privilege escalation techniques involve gaining higher levels of
access within a compromised system. This can be achieved by exploiting
vulnerabilities, misconfigurations, or weak permissions to move from a
lower-level user account to an administrator or root account. The goal is to
increase control over the system, allowing attackers to execute more damaging
actions or access sensitive data.
Literature: "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia
Weidman (Chapter 8); "The Web Application Hacker's Handbook" by Dafydd Stuttard
& Marcus Pinto (Chapter 9); OWASP Testing Guide (Section 9); PTES (Section 9)

Week 12. Wireless Network Penetration Testing
Main content: Wireless network penetration testing involves assessing the
security of wireless networks by identifying vulnerabilities in protocols like
Wi-Fi. Testers may exploit weak encryption (such as WEP), misconfigured access
points, or weak passwords to gain unauthorized access. The goal is to evaluate
the network's resilience against attacks, ensuring data integrity and
preventing unauthorized use.
Literature: "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia
Weidman (Chapter 7); "The Web Application Hacker's Handbook" by Dafydd Stuttard
& Marcus Pinto (Chapter 11); OWASP Testing Guide (Section 10); PTES (Section 10)

Week 13. Penetration Testing Report Writing
Main content: Penetration testing report writing involves documenting the
findings of a penetration test, including identified vulnerabilities,
exploitation methods, and their impact. The report typically includes an
executive summary, detailed technical analysis, risk ratings, and actionable
recommendations. Clear communication is crucial to ensure both technical and
non-technical stakeholders understand the findings and can implement necessary
remediation steps.
Literature: "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia
Weidman (Chapter 9); "The Web Application Hacker's Handbook" by Dafydd Stuttard
& Marcus Pinto (Chapter 13); OWASP Testing Guide (Section 11); PTES (Section 11)

Week 14. Penetration Testing Legal and Ethical Considerations
Main content: Penetration testing legal and ethical considerations involve
obtaining proper authorization before conducting tests to avoid illegal
activity. Testers must follow laws, respect privacy, and adhere to ethical
guidelines, ensuring they do not cause harm to systems or data. Clear
agreements and communication with clients are crucial to ensure all actions are
legally and ethically compliant throughout the testing process.
Literature: "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia
Weidman (Chapter 2); "The Web Application Hacker's Handbook" by Dafydd Stuttard
& Marcus Pinto (Chapter 1); OWASP Testing Guide (Section 2); PTES (Section 2)

Week 15. Security Best Practices and Remediation Strategies
Main content: Security best practices and remediation strategies focus on
strengthening systems against attacks by addressing identified vulnerabilities.
This includes applying patches, updating software, using strong authentication
methods, encrypting sensitive data, and educating employees. Remediation
strategies involve promptly fixing issues discovered during penetration testing
to prevent future exploitation and ensure a robust security posture.
Literature: "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia
Weidman (Chapter 10); "The Web Application Hacker's Handbook" by Dafydd Stuttard
& Marcus Pinto (Chapter 14); OWASP Testing Guide (Section 12); PTES (Section 12)

Final exam

XII. Seminars: preparation and evaluation


Students are assessed by the teacher according to how well they have mastered
the course. The assessment is based on completed homework, the degree of the
student's activity during the lesson and other criteria.
Each student's answer at the seminars will be evaluated on a 5-point scale
from 0 to 20 points (maximum 20 points). At the end of the semester, all the
points received by the student during the semester are summed up.
XIII. Course work on the subject
There are no term papers on the subject.
XIV. Independent work: requirements and assessment
XV. Course attendance
Students are free to attend.
XVI. Intermediate assessment
In the process of teaching the subject, the student's current activity in the
classroom (lecture activities, answers to seminars, participation in group work,
etc.) is evaluated on a scale from 0 to 10 points according to a 10-point system.
A student's seminar answers are evaluated up to 4 times (maximum). The
maximum score a student can get during a semester in this subject is 20 points.
- 10 points = 5 points
- 9 points = 4.5 points
- 8 points = 4 points
- 7 points = 3.5 points
- 6 points = 3 points
- 5 points = 2.5 points
- 4 points = 2 points
- 3 points = 1.5 points
- 2 points = 1 point
- 1 point = 0.5 points
XVII. Final exam
Students' final knowledge of the subject is assessed on a 100-point scale. The maximum number of points is 100: the student receives 50 points during the semester (20 activity points plus 30 points for the midterm exams), and the remaining 50 points during the exam.
At the end of the course, a final exam is held. The student's answer in the exam is graded in the range of 0-50 points (maximum 50 points). The exam is conducted in written or test form. Exam questions or tests on the subject are developed in accordance with the content of the lecture texts and lessons.
If a student does not score at least 17 points on the final exam, the student will not receive points in this subject and will have an academic debt.
If a student has any complaints regarding the assessment of exam results, he can apply to the Appeals Commission in accordance with the general rules established by the University.
XVIII. Final assessment of the subject
Students' final knowledge of the subject is assessed according to a 100-point system. The maximum number of points is 100.
After the final exam, all the points scored by the student in the subject are summed up and the final score (points) is calculated.
The criterion for the credit system is the share of each form of assessment:

Form                                   Score   Percentage
Exam (final)                           50      50 %
Seminars and laboratory classes        20      20 %
Midterm exam                           30      30 %
Total                                  100     100 %

Finally, the student's knowledge is evaluated as follows:
Less than 51 points - "unsatisfactory" - F
51-60 points - "satisfactory" - E
61-70 points - "enough" - D
71-80 points - "good" - C
81-90 points - "very good" - B
91-100 points - "excellent" - A
If the student's final score is below 51 (i.e. his knowledge is assessed as "unsatisfactory"), the student will not receive points in the subject and will have an academic debt.
Prepared by Teacher (UNEC): A.M. Mammadov / Signature:

Date: 22.01.2025

Exam questions:
"Fundamentals of Penetration Testing"

Department name: "Digital Technologies and Applied Informatics"

Teacher's name: Əflatun Məmmədov
Subject code: 01001
Subject name: "Fundamentals of Penetration Testing"
Language of instruction: English
Number of questions: 75

No. (Topic) Question text

1. (Topic 01) What is penetration testing, and why is it significant in the context of web security? Can you provide examples of situations where penetration testing is necessary?

2. (Topic 01) What are the key objectives of penetration testing, and how do they contribute to identifying vulnerabilities in a network or web application?

3. (Topic 01) What are the different types of penetration testing? For each type, can you provide an example of when it would be appropriate to use that specific testing approach?

4. (Topic 01) What are the various penetration testing methodologies, and how do frameworks like OWASP and NIST guide the penetration testing process? Can you explain the phases involved in these methodologies?

5. (Topic 01) What role do penetration testing tools play in the penetration testing process? Can you provide examples of three commonly used tools and describe the purpose of each in identifying vulnerabilities?

6. (Topic 02) What is the difference between ethical hacking and penetration testing? Explain the key distinctions in terms of scope, objectives, and approach.

7. (Topic 02) Provide a comprehensive overview of ethical hacking. What are the primary goals and ethical guidelines that ethical hackers must follow during their activities?

8. (Topic 02) What is penetration testing, and how does it differ from ethical hacking in terms of focus and methodology? Provide examples of situations where penetration testing would be more appropriate than ethical hacking.

9. (Topic 02) In what scenarios would ethical hacking be preferred over penetration testing, and vice versa? Discuss the factors that influence the choice between these two approaches.

10. (Topic 02) Conclude by comparing the benefits and limitations of ethical hacking and penetration testing. How do both contribute to enhancing the security posture of an organization?

11. (Topic 03) What are the key differences between the OWASP, PTES, and NIST penetration testing methodologies? Explain how each methodology approaches penetration testing and their respective advantages.

12. (Topic 03) Explain the Penetration Testing Execution Standard (PTES). What are the core phases of PTES, and how do they help ensure a comprehensive penetration testing process?

13. (Topic 03) What is NIST SP 800-115, and how does it contribute to the field of penetration testing? Discuss its structure, phases, and how it guides penetration testers in conducting tests.

14. (Topic 03) Why is the selection of a penetration testing methodology important, and how does the choice of methodology affect the outcomes of a penetration test? Provide examples of scenarios where one methodology might be preferred over another.

15. (Topic 03) Discuss the role of automation in penetration testing methodologies. How do automated tools integrate into the testing process, and what are the benefits and limitations of relying on automation?

16. (Topic 04) What is the role of reconnaissance and information gathering in penetration testing, and why is it considered a crucial first step in the testing process? Provide examples of how reconnaissance contributes to identifying potential attack vectors.

17. (Topic 04) Describe the different phases of reconnaissance in penetration testing. How does each phase contribute to the overall success of a penetration test? Provide examples of tasks performed in each phase.

18. (Topic 04) Explain the differences between passive and active reconnaissance techniques. What are the advantages and risks associated with each technique, and when should each be used in a penetration testing engagement?

19. (Topic 04) What are some common tools used in reconnaissance and information gathering, and how do they help penetration testers collect valuable information? Provide examples of tools used for passive and active reconnaissance.

20. (Topic 04) How does the rise of cloud computing impact reconnaissance and information gathering in penetration testing? What specific challenges do penetration testers face when performing reconnaissance on cloud-based infrastructure, and how can they overcome these challenges?

21. (Topic 05) What is footprinting in the context of penetration testing, and how does it contribute to the overall testing process? Describe the different types of footprinting techniques used in penetration testing.

22. (Topic 05) Explain the importance of footprinting and scanning in penetration testing. How do these activities help penetration testers identify vulnerabilities and attack vectors in a target system?

23. (Topic 05) What are the different types of scanning techniques used in penetration testing? Provide examples of each and explain how they contribute to identifying open ports, services, and vulnerabilities.

24. (Topic 05) What are some common scanning tools used during a penetration test, and how do they assist penetration testers in gathering critical information about a target system? Provide examples of tools for both active and passive scanning.

25. (Topic 05) What are the ethical and legal considerations involved in footprinting and scanning during a penetration test? How can penetration testers ensure they are conducting tests within the boundaries of the law and ethical guidelines?

26. (Topic 06) What are network vulnerabilities in the context of penetration testing? Explain in detail some common types of network vulnerabilities and how they can impact the security of a system.

27. (Topic 06) What are web application vulnerabilities, and how do they differ from network vulnerabilities? Provide examples of common web application vulnerabilities and explain how they can be exploited by attackers.

28. (Topic 06) Describe some common mitigation techniques for network vulnerabilities. How can organizations reduce the risk of exploitation of these vulnerabilities?

29. (Topic 06) What are the most effective mitigation techniques for web application vulnerabilities? Explain how secure coding practices, input validation, and other strategies can help protect web applications from attacks.

30. (Topic 06) What tools are commonly used for identifying network and web application vulnerabilities? Provide examples of tools for each type and explain how they assist penetration testers in detecting potential weaknesses.

31. (Topic 07) What is Nmap, and how is it used in penetration testing? Explain its functionality, key features, and the types of information it can gather during a network scan.

32. (Topic 07) Explain the role of the Metasploit Framework in penetration testing. How can penetration testers use Metasploit to exploit vulnerabilities, and what are its key components?

33. (Topic 07) Describe some important extra tools that can complement Nmap and Metasploit in penetration testing. Provide examples of these tools and explain how they assist in the testing process.

34. (Topic 07) What are some advanced techniques and best practices for using penetration testing tools effectively? Discuss how these techniques can help penetration testers achieve more accurate and comprehensive results.

35. (Topic 07) What are the ethical and legal considerations associated with the use of penetration testing tools? How can penetration testers ensure they are using these tools responsibly and within legal boundaries?

36. (Topic 07) What is social engineering in the context of penetration testing, and how does it differ from technical hacking methods? Provide examples of how social engineering is used to exploit human vulnerabilities.

37. (Topic 08) Explain the different types of social engineering attacks used in penetration testing. How do techniques like phishing, pretexting, baiting, and tailgating work, and in what scenarios might each be effective?

38. (Topic 08) What are the key techniques employed by attackers in social engineering attacks? Discuss how attackers manipulate emotions, trust, and authority to exploit individuals for access to sensitive information or systems.

39. (Topic 08) What tools are commonly used in penetration testing to carry out social engineering attacks? Provide examples of such tools and explain how they help simulate real-world social engineering scenarios to test organizational security.

40. (Topic 08) What ethical and legal considerations should be taken into account when using social engineering in penetration testing? How can penetration testers ensure they are following ethical guidelines and staying within the legal boundaries during such engagements?

41. (Topic 08) How can organizations defend against social engineering attacks? Discuss best practices and strategies that companies can implement to train employees and secure sensitive information from social engineering tactics.

42. (Topic 09) What is a buffer overflow vulnerability, and how does it occur? Explain how buffer overflows can be exploited by attackers to compromise system security. Provide an example of a real-world buffer overflow attack.

43. (Topic 09) Describe SQL injection attacks in the context of web application security. How do attackers exploit SQL injection vulnerabilities, and what potential consequences can result from such attacks?

44. (Topic 09) What are some common tools used to exploit buffer overflow and SQL injection vulnerabilities during penetration testing? Explain how these tools help identify and exploit such vulnerabilities in target systems.

45. (Topic 09) What are the most effective mitigation techniques for buffer overflow vulnerabilities? How can developers and system administrators reduce the risk of buffer overflows in their systems?

46. (Topic 09) What are the best practices for defending against SQL injection attacks? Discuss both technical and procedural methods that organizations can implement to protect their web applications from SQL injection exploits.

47. (Topic 10) What is post-exploitation in the context of penetration testing, and how does it differ from the initial exploitation phase? Explain its importance in assessing the real impact of a security breach.

48. (Topic 10) Discuss key post-exploitation techniques used by penetration testers. How do privilege escalation, persistence, lateral movement, and data exfiltration contribute to achieving the attacker's objectives? Provide real-world examples where these techniques have been used.

49. (Topic 10) What are the common tools used for post-exploitation in penetration testing? Explain how tools like Metasploit, Cobalt Strike, and Mimikatz assist in maintaining access, escalating privileges, and gathering information from compromised systems.

50. (Topic 10) What mitigation and defense strategies can organizations implement to detect and prevent post-exploitation activities? Discuss the role of network segmentation, endpoint detection and response (EDR), and logging in minimizing the risk of post-exploitation.

51. (Topic 10) Analyze a real-world cyber attack where post-exploitation techniques played a critical role in achieving the attacker's goals. What lessons can organizations learn from such incidents to improve their security posture?

52. (Topic 10) How do attackers establish persistence after gaining access to a system in post-exploitation? Discuss techniques such as backdoors, scheduled tasks, and registry modifications, and explain how security teams can detect and mitigate these threats.

53. (Topic 11) What is privilege escalation in penetration testing, and how does it differ between vertical and horizontal privilege escalation? Provide real-world examples of both types.

54. (Topic 11) How can vulnerabilities in software or operating systems be exploited for privilege escalation? Discuss techniques such as buffer overflow exploits and kernel vulnerabilities with practical examples.

55. (Topic 11) Explain how misconfigurations and weak permissions in file systems, services, or registry settings can be leveraged for privilege escalation. Provide examples from both Windows and Linux environments.

56. (Topic 11) What role does password cracking and hash dumping play in privilege escalation? Describe tools and techniques used to extract and crack credentials, such as Mimikatz, John the Ripper, and Pass-the-Hash attacks.

57. (Topic 11) What are the best mitigation techniques against privilege escalation attacks? Discuss security practices such as the principle of least privilege (PoLP), patch management, and monitoring suspicious activities.

58. (Topic 12) What is wireless network penetration testing, and why is it important? Explain the key differences between wireless and wired network penetration testing.

59. (Topic 12) Describe the key phases of a wireless penetration test, including preparation, information gathering, network mapping, and attack execution. How do these phases contribute to identifying vulnerabilities in a wireless network?

60. (Topic 12) What are some common attack techniques used in wireless penetration testing? Explain methods such as WPA/WPA2 cracking, rogue access points, Evil Twin attacks, and deauthentication attacks with practical examples.

61. (Topic 12) What are the essential tools used for wireless penetration testing? Discuss tools such as Aircrack-ng, Kismet, Wireshark, and Reaver, explaining how they help in assessing wireless security vulnerabilities.

62. (Topic 12) How can organizations defend against wireless network attacks identified during penetration testing? Discuss security best practices, including WPA3 implementation, MAC address filtering, disabling WPS, and intrusion detection systems for wireless networks.

63. (Topic 13) Why is a penetration testing report important, and how does it contribute to an organization's overall security strategy? Discuss the role of reporting in the penetration testing lifecycle.

64. (Topic 13) What are the key components of a penetration testing report? Describe the essential sections, including the executive summary, findings, risk assessment, recommendations, and technical details.

65. (Topic 13) How should penetration testers structure their reports to effectively communicate vulnerabilities to both technical and non-technical stakeholders? Discuss best practices for making reports clear, concise, and actionable.

66. (Topic 13) What are some common mistakes in penetration testing reports, and how can they be avoided? Provide examples of poor reporting practices and how they can be improved.

67. (Topic 13) How can penetration testing reports be used for compliance and regulatory purposes? Discuss how organizations can leverage reports to meet security standards such as GDPR, PCI-DSS, and ISO 27001.

68. (Topic 14) What are the legal considerations that penetration testers must be aware of before conducting a penetration test? Discuss the importance of obtaining explicit authorization and the legal implications of performing unauthorized testing.

69. (Topic 14) Explain the ethical considerations in penetration testing. How do penetration testers ensure they are acting ethically while performing tests, and what ethical guidelines should they follow to avoid causing harm to clients or third parties?

70. (Topic 14) What is the role of written agreements, such as contracts and scope of work documents, in mitigating legal and ethical risks during penetration testing? Discuss the importance of clear communication and boundaries in these documents.

71. (Topic 14) How do penetration testers handle sensitive data obtained during testing? Discuss the ethical and legal obligations surrounding data handling, storage, and disposal in the context of penetration testing.

72. (Topic 15) What are security best practices in the context of penetration testing, and why are they important for maintaining a secure network or system?

73. (Topic 15) How can organizations apply remediation strategies after identifying vulnerabilities during a penetration test? Discuss the role of patch management, system hardening, and configuration changes in remediation.

74. (Topic 15) Explain the importance of continuous monitoring and testing as part of a long-term remediation strategy. How does ongoing security evaluation help maintain a secure environment after penetration testing is complete?

75. (Topic 15) How can remediation strategies be tailored to different types of vulnerabilities (e.g., web application vulnerabilities, network vulnerabilities, privilege escalation issues)? Discuss specific remediation techniques for each type and how they align with security best practices.

Head of the Programme: dos.T.A.Aliyeva


Teacher: A.M.Mammadov
