Task and Mark Distribution
There are many aspects to Ethical Hacking. Aside from the obvious technical skills, you will also be required to report on penetration tests.
The ability to report your findings, contextualise threats within the wider cyber security field, and reflect upon the process is a key skill. In this coursework, you are required to write a report on the topics studied during the lab sessions for the module.
Report Requirements
You will need to produce a report on TWO of the weekly topics. This can include
- Reconnaissance
- Privilege Escalation
- Any of the Web vulnerabilities (for example XSS or SQLi).
Topic Discussion
For each of the topics you need to write a technical discussion of the topic including:
- Introduction to the topic: What it is, and why it is of interest in Cyber security
- Discussion of this topic including:
- Technical / Practical implementation of the topic (How does this work)
- Example of the topic in the "Real world"
- Discussion of the topic in the wider security context (What does it mean in terms of security, how common is it, how "dangerous" is the vulnerability)
- Considerations for mitigating this problem in general.
- Social, Legal and Ethical considerations with this particular topic
Marking Scheme
| Element | Marks Available |
|---|---|
| Introduction / Conclusions | 10 |
| Topic 1 | 40 |
| (Consisting of) | |
| - Technical Implementation | (10) |
| - Context / Example | (15) |
| - Legal and Ethical Considerations | (5) |
| - Mitigation | (10) |
| Topic 2 | 40 |
| (Marks as Topic 1) | |
| Report Structure | 10 |
Suggested Report Structure
The recommended structure for the report is
- Introduction
- Discussion of topic 1 (see above)
- Discussion of topic 2 (see above)
- Summary
- References
IMPORTANT NOTE / TIP FOR SUCCESS:
Remember, this assignment is intended to assess your wider understanding of the subject.
The bulk of the marks are awarded for the discussion element (rather than the technical aspects). Rather than focus purely on the technical aspects (the how), you are expected to examine WHAT this means in terms of security, and the legal and ethical context. In many of these topics there is no clear cut answer, so remember to strengthen your argument with relevant citations from appropriate sources.
Marking Matrix
| Grade | Mark | Description |
|---|---|---|
| No submission | 0 | No work submitted |
| Fail | 0-25 | Clear failure demonstrating little understanding of relevant theories, concepts and issues. Minimal evidence of research and use of established methodologies and incomplete knowledge of the area. Serious and fundamental errors and aspects missing. No evidence of research. |
| Near Fail | 25-39 | Very limited understanding of relevant theories, concepts and. Little evidence of research and use of established methodologies. Some relevant material will be present. Deficiencies evident in analysis. Fundamental errors and some misunderstanding likely to be present. |
| Pass | 40-49 | Meets the learning outcomes with a basic understanding of relevant theories, concepts and issues.. Demonstrates an understanding of knowledge and subject-specific theories sufficient to deal with concepts. Assessment may be incomplete and with some errors. Research scope sufficient to evidence use of some established methodologies. Some irrelevant material likely to be present |
| 2:2 | 50-59 | Good understanding of relevant theories, concepts and issues with some critical analysis. Research undertaken accurately using established methodologies, enquiry beyond that recommended may be present. Some errors may be present and some inclusion of irrelevant material. Good understanding, with evidence of breadth and depth, of knowledge and subject-specific theories with indications of originality and autonomy |
| 2:1 | 60-69 | Very good work demonstrating strong understanding of theories, concepts and issues with clear critical analysis. Thorough research, using established methodologies accurately, beyond the recommended minimum with little, if any, irrelevant material present. Very good understanding, evidencing breadth and depth, of knowledge and subject-specific theories with some originality and autonomy. |
| First | 70-79 | Excellent work with clear evidence of understanding, creativity and critical/analytical skills. Thorough research well beyond the minimum recommended using methodologies beyond the usual range. Excellent understanding of knowledge and subject-specific theories with evidence of considerable originality and autonomy. |
| Outstanding | 80-90 | Outstanding work with high degree of understanding, creativity and critical/analytical skills. Outstanding understanding of knowledge and subject-specific theories. Evidence of outstanding research well beyond minimum recommended using a range of methodologies. Demonstrates creative flair, originality and autonomy. |
| Exceptional | 90-100 | Exceptional work with very high degree of understanding, creativity and critical/analytic skills. Evidence of exceptional research well beyond minimum recommended using a range of methodologies. . Exceptional understanding of knowledge and subject-specific theories. Demonstrates creative flair, a high degree of originality and autonomy. |