Southern Utah University

Course Syllabus

Southern Utah University
Southern Utah University
Fall Semester 2025

Penetration Testing (Online)

CSIA 6280-A70

Course: CSIA 6280-A70
Credits: 3
Term: Fall Semester 2025
Department: CSIS
CRN: 30405

Course Description

This course will provide a fundamental understanding of penetration testing methodologies, techniques, and tools. It will also cover various topics such as ethical hacking principles and legal considerations. Students will learn how to identify, exploit, and report vulnerabilities in computer systems and networks. (Fall - 1st Session) [Graded (Standard Letter)] Registration Restriction(s): CSIA students only or program director permission

Required Texts


Additional reading material may be required, no textbooks required. 

In the Module Overviews you will find various articles, videos, and voice over presentations to assist you with this course, many of which will be part of the free textbooks listed above. It is important that you thoroughly read or listen to all resources provided. Additional reading material includes: 
  • Hands On Ethical Hacking Tactics Shane Hartman, 2024
  • The Art of Network Penetration Testing- Royce Davis, 2020
  • GPEN GIAC Certified Penetration Tester All-in-One Exam Guide- Raymond Nutting et al, 2020
  • AWS Penetration Testing -Jonathan Helmus, 2021
  • Burp Suite Cookbook - Second Edition - Dr. Sunny Wear, 2023
  • Mastering Metasploit - Fourth Edition- Nipun Jaswal, 2020
  • Penetration Testing-James Hayes et al, 2019
  • Professional Penetration Testing-Thomas Wilhelm, 2015
  • The Pentester Blueprint-Phillip L. Wylie and Kim Crawley, 2020

Learning Outcomes

  1. Identify and exploit vulnerabilities in systems and networks
  2. Examine the scope of penetration testing assignments
  3. Conduct reconnaissance and information gathering
  4. Understand privilege escalation and maintaining access to compromised systems
  5. Write comprehensive and actionable penetration testing reports

Course Requirements

Students are required to complete/review the resources and assignments.

Course Outline

Some of the topcis inlcude, but not limited to:
  • Introduction to PenTesting
    • Define and explain penetration testing
    • Explain fundamental concepts in computer/network/application security 
    • Explain the term “hacking” and at least three “types” of hackers
  • Information Gather and reconnaissance
    • Explain the term “scope” in penetration testing, how it is determined, and why it is importan
    • Explain “reconnaissance”, some ways it might be done, and the part it plays in penetration testing
    • Demonstrate basic reconnaissance skills by completing labs
  • Exploitation Techniques
    •  Explain “exploitation” in penetration testing
    • Name several exploitation tools and techniques and describe their use
    • Demonstrate basic mastery of these skills by completing labs
  • Post Exploitation and Persistence 
    •  Describe “persistence” in the context of penetration
    • Describe ways persistence might be achieved and maintained
    • Describe tools and techniques a blue team might use to find and eliminate persistence
    • Demonstrate basic mastery by completing labs
  • Reporting and Communication and Managing a Pen Test Program
    • Explain the primary objectives of penetration testing
    • Explain the primary objectives of a penetration testing report and the sections typically included
  •  Integrating Penetration Testing into Cybersecurity Programs
    • Explain how to use the outputs from a penetration testing program in the context of the larger security program
    • Explain the pros and cons of having an internal penetration team vs. using an external partner
    • Explain how to use a penetration testing program to support a security program

Instructor's policies on late assignments and/or makeup work

 Late assignments will not be accepted without prior communication with and approval from instructor. Quizzes and exams missed because of illness, a university-approved absence, or and absence approved in advance by the instructor will be made up convenient to the instructor. In all other cases, no credits will be given for the exam.

Attendance Policy

This is an online course. This means that you must plan accordingly to meet the deadlines for assignments. 

Course Fees

https://www.suu.edu/registrar/course-fees.html

ADA Statement

Students with medical, psychological, learning, or other disabilities desiring academic adjustments, accommodations, or auxiliary aids will need to contact the Disability Resource Center, located in Room 206F of the Sharwan Smith Center or by phone at (435) 865-8042. The Disability Resource Center determines eligibility for and authorizes the provision of services.

If your instructor requires attendance, you may need to seek an ADA accommodation to request an exception to this attendance policy. Please contact the Disability Resource Center to determine what, if any, ADA accommodations are reasonable and appropriate.

Academic Credit

According to the federal definition of a Carnegie credit hour: A credit hour of work is the equivalent of approximately 60 minutes of class time or independent study work. A minimum of 45 hours of work by each student is required for each unit of credit. Credit is earned only when course requirements are met. One (1) credit hour is equivalent to 15 contact hours of lecture, discussion, testing, evaluation, or seminar, as well as 30 hours of student homework. An equivalent amount of work is expected for laboratory work, internships, practica, studio, and other academic work leading to the awarding of credit hours. Credit granted for individual courses, labs, or studio classes ranges from 0.5 to 15 credit hours per semester.

Academic Freedom

SUU is operated for the common good of the greater community it serves. The common good depends upon the free search for truth and its free exposition. Academic Freedom is the right of faculty to study, discuss, investigate, teach, and publish. Academic Freedom is essential to these purposes and applies to both teaching and research.

Academic Freedom in the realm of teaching is fundamental for the protection of the rights of the faculty member and of you, the student, with respect to the free pursuit of learning and discovery. Faculty members possess the right to full freedom in the classroom in discussing their subjects. They may present any controversial material relevant to their courses and their intended learning outcomes, but they shall take care not to introduce into their teaching controversial materials which have no relation to the subject being taught or the intended learning outcomes for the course.

As such, students enrolled in any course at SUU may encounter topics, perspectives, and ideas that are unfamiliar or controversial, with the educational intent of providing a meaningful learning environment that fosters your growth and development. These parameters related to Academic Freedom are included in SUU Policy 6.6.

Academic Misconduct

Scholastic honesty is expected of all students. Dishonesty will not be tolerated and will be prosecuted to the fullest extent (see SUU Policy 6.33). You are expected to have read and understood the current SUU student conduct code (SUU Policy 11.2) regarding student responsibilities and rights, the intellectual property policy (SUU Policy 5.52), information about procedures, and what constitutes acceptable behavior.

Please Note: The use of websites or services that sell essays is a violation of these policies; likewise, the use of websites or services that provide answers to assignments, quizzes, or tests is also a violation of these policies. Regarding the use of Generative Artificial Intelligence (AI), you should check with your individual course instructor.

Emergency Management Statement

In case of an emergency, the University's Emergency Notification System (ENS) will be activated. Students are encouraged to maintain updated contact information using the link on the homepage of the mySUU portal. In addition, students are encouraged to familiarize themselves with the Emergency Response Protocols posted in each classroom. Detailed information about the University's emergency management plan can be found at https://www.suu.edu/emergency.

HEOA Compliance Statement

For a full set of Higher Education Opportunity Act (HEOA) compliance statements, please visit https://www.suu.edu/heoa. The sharing of copyrighted material through peer-to-peer (P2P) file sharing, except as provided under U.S. copyright law, is prohibited by law; additional information can be found at https://my.suu.edu/help/article/1096/heoa-compliance-plan.

You are also expected to comply with policies regarding intellectual property (SUU Policy 5.52) and copyright (SUU Policy 5.54).

Mandatory Reporting

University policy (SUU Policy 5.60) requires instructors to report disclosures received from students that indicate they have been subjected to sexual misconduct/harassment. The University defines sexual harassment consistent with Federal Regulations (34 C.F.R. Part 106, Subpart D) to include quid pro quo, hostile environment harassment, sexual assault, dating violence, domestic violence, and stalking. When students communicate this information to an instructor in-person, by email, or within writing assignments, the instructor will report that to the Title IX Coordinator to ensure students receive support from the Title IX Office. A reporting form is available at https://cm.maxient.com/reportingform.php?SouthernUtahUniv

Non-Discrimination Statement

SUU is committed to fostering an inclusive community of lifelong learners and believes our university's encompassing of different views, beliefs, and identities makes us stronger, more innovative, and better prepared for the global society.

SUU does not discriminate on the basis of race, religion, color, national origin, citizenship, sex (including sex discrimination and sexual harassment), sexual orientation, gender identity, age, ancestry, disability status, pregnancy, pregnancy-related conditions, genetic information, military status, veteran status, or other bases protected by applicable law in employment, treatment, admission, access to educational programs and activities, or other University benefits or services.

SUU strives to cultivate a campus environment that encourages freedom of expression from diverse viewpoints. We encourage all to dialogue within a spirit of respect, civility, and decency.

For additional information on non-discrimination, please see SUU Policy 5.27 and/or visit https://www.suu.edu/nondiscrimination.

Pregnancy

Students who are or become pregnant during this course may receive reasonable modifications to facilitate continued access and participation in the course. Pregnancy and related conditions are broadly defined to include pregnancy, childbirth, termination of pregnancy, lactation, related medical conditions, and recovery. To obtain reasonable modifications, please make a request to title9@suu.edu. To learn more visit: https://www.suu.edu/titleix/pregnancy.html.

Disclaimer Statement

Information contained in this syllabus, other than the grading, late assignments, makeup work, and attendance policies, may be subject to change with advance notice, as deemed appropriate by the instructor.