
University of Mumbai

Syllabus

Honours/Minor Degree Program
in
Cyber Security

FACULTY OF SCIENCE & TECHNOLOGY

(As per AICTE guidelines with effect from the academic year 2022-2023)

University of Mumbai
Cyber Security
(With effect from 2022-23)

Year      Course Code              Teaching Scheme        Examination Scheme and Marks                            Credits
& Sem     and Title                (Hours / Week)
                                   Theory  Pract  Sem./   Internal    End Sem   Term   Oral/   Total
                                                  Tut.    Assessment  Exam      Work   Pract
TE        HCSC501:                 04      --     --      20          80        --     --      100      04
Sem V     Ethical Hacking
          Total                    04      -      --      100                   -      -       100      04
          Total Credits = 04

TE        HCSC601:                 04      --     --      20          80        --     --      100      04
Sem VI    Digital Forensic
          Total                    04      -      -       100                   -      -       100      04
          Total Credits = 04

BE        HCSC701:                 04      --     --      20          80        --     --      100      04
Sem VII   Security Information
          Management
          HCSSBL601:               --      --     04      --          --        50     50      100      02
          Vulnerability Assessment
          Penetration Testing
          (VAPT) Lab (SBL)
          Total                    04      -      04      100                   50     50      200      06
          Total Credits = 06

BE        HCSC801:                 04      -      --      20          80        --     --      100      04
Sem VIII  Application Security
          Total                    04      -      -       100                   -      -       100      04
          Total Credits = 04

Total Credits for Semesters V, VI, VII & VIII = 04 + 04 + 06 + 04 = 18

Teaching Scheme (Contact Hours) and Credits Assigned
Course    Course Title      Theory  Practical  Tutorial  Theory  Practical/  Tutorial  Total
Code                                                             Oral
HCSC501   Ethical Hacking   04      --         --        04      --          --        04

Examination Scheme
Course    Course Title      Theory Marks                                       Term   Practical  Oral   Total
Code                        Internal assessment               End Sem Exam     Work
                            Test 1  Test 2  Avg. of 2 Tests
HCSC501   Ethical Hacking   20      20      20                80               --     --         --     100

Course Objectives:
The course aims:
1. To describe ethical hacking and the fundamentals of computer networks.
2. To understand network security threats, vulnerability assessment and social engineering.
3. To discuss cryptography and its applications.
4. To implement the methodologies and techniques of sniffing, together with the associated tools and ethical issues.
5. To implement the methodologies and techniques of hardware security.
6. To demonstrate systems using various case studies.

Course Outcomes:
(Cognitive levels of attainment as per Taxonomy are given in brackets.)
On successful completion of the course, the learner/student will be able to:
1. Articulate the fundamentals of computer networks, IP routing and the core concepts of ethical hacking in real-world scenarios. (L1, L2)
2. Apply the knowledge of information gathering to prevent penetration testing and social engineering attacks. (L3)
3. Demonstrate the core concepts of cryptography and cryptographic checksums, and evaluate the various biometric authentication mechanisms. (L1, L2)
4. Apply the knowledge of network reconnaissance to prevent network and web application-based attacks. (L3)
5. Apply the concepts of hardware elements and endpoint security to provide security to physical devices. (L3)
6. Simulate various attack scenarios and evaluate the results. (L4, L5)

DETAILED SYLLABUS:

Sr. No. | Module | Detailed Content | Hours | CO Mapping

0. Prerequisite (2 hours; CO: -)
   Computer Networks, Databases, system security.

I. Introduction to Ethical Hacking (10 hours; CO1)
   Fundamentals of Computer Networks/IP protocol stack, IP addressing and routing, Routing protocols, Protocol vulnerabilities, Steps of ethical hacking, Demonstration of routing protocols using Cisco Packet Tracer.
   Self-learning Topics: TCP/IP model, OSI model.

II. Introduction to Cryptography (08 hours; CO3)
   Private-key encryption, public-key encryption, key exchange protocols, cryptographic hash functions and applications, steganography, biometric authentication, lightweight cryptographic algorithms. Demonstration of various cryptographic tools and hashing algorithms.
   Self-learning Topics: Quantum cryptography, Elliptic curve cryptography.

III. Introduction to Network Security (12 hours; CO2)
   Information gathering, reconnaissance, scanning, vulnerability assessment, OpenVAS, Nessus, System hacking: Password cracking, penetration testing, Social engineering attacks, Malware threats, hacking wireless networks (WEP, WPA, WPA2), Proxy networks, VPN security, Study of various tools for network security such as Wireshark, John the Ripper, Metasploit, etc.
   Self-learning Topics: Ransomware (WannaCry), Botnets, Rootkits, Mobile device security.

IV. Introduction to Web Security and Attacks (10 hours; CO4)
   OWASP, Web security considerations, User authentication, Cookies, SSL, HTTPS, Privacy on the Web, Account harvesting, Web bugs, Sniffing, ARP poisoning, Denial of service attacks, Hacking web applications, Clickjacking, Cross-site scripting and request forgery, Session hijacking and management, Phishing and pharming techniques, SSO, Vulnerability assessments, SQL injection, Web service security, OAuth 2.0, Demonstration of hacking tools on Kali Linux such as SQLMap, HTTrack, hping, Burp Suite, Wireshark, etc.
   Self-learning Topics: Format string attacks.

V. Elements of Hardware Security (6 hours; CO5)
   Side channel attacks, physical unclonable functions, Firewalls, Backdoors and trapdoors, Demonstration of side channel attacks on RSA, IDS and Honeypots.
   Self-learning Topics: IoT security.

VI. Case Studies (4 hours; CO6)
   Various attack scenarios and their remedies. Demonstration of attacks using DVWA.
   Self-learning Topics: Session hijacking and man-in-the-middle attacks.
Text Books:
1. Computer Security: Principles and Practice -- William Stallings, Seventh Edition, Pearson Education, 2017
2. Security in Computing -- Charles P. Pfleeger, Fifth Edition, Pearson Education, 2015
3. Network Security and Cryptography -- Bernard Menezes, Cengage Learning, 2014
4. Network Security Bible -- Eric Cole, Second Edition, Wiley, 2011
5. Mark Stamp's Information Security: Principles and Practice -- Deven Shah, Wiley, 2009

References:
1. UNIX Network Programming -- Richard Stevens, Addison Wesley, 2003
2. Cryptography and Network Security -- Atul Kahate, 3rd Edition, Tata McGraw Hill, 2013
3. TCP/IP Protocol Suite -- B. A. Forouzan, 4th Edition, Tata McGraw Hill, 2017
4. Applied Cryptography: Protocols, Algorithms and Source Code in C -- Bruce Schneier, 2nd Edition / 20th Anniversary Edition, Wiley, 2015

Online Resources:
1. https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
2. https://dvwa.co.uk/
3. http://testphp.vulnweb.com/

Assessment:
Internal Assessment (IA) for 20 marks:
IA will consist of two compulsory Internal Assessment Tests. Approximately 40% to 50% of the syllabus content must be covered in the first IA test, and the remaining 40% to 50% of the syllabus content must be covered in the second IA test.

Question paper format:
The question paper will comprise a total of six questions, each carrying 20 marks. Q.1 will be compulsory and should cover the maximum content of the syllabus.
The remaining questions will be mixed in nature (part (a) and part (b) of each question must be from different modules; for example, if Q.2 has part (a) from Module 3, then part (b) must be from any other module, randomly selected from all the modules).
A total of four questions need to be answered.

Teaching Scheme (Contact Hours) and Credits Assigned
Course    Course Title      Theory  Practical  Tutorial  Theory  Practical/  Tutorial  Total
Code                                                             Oral
HCSC601   Digital Forensic  04      --         --        04      --          --        04

Examination Scheme
Course    Course Title      Theory Marks                                       Term   Practical  Oral   Total
Code                        Internal assessment               End Sem Exam     Work
                            Test 1  Test 2  Avg. of 2 Tests
HCSC601   Digital Forensic  20      20      20                80               --     --         --     100

Course Objectives:
The course aims:
1. To understand the various computer and cyber-crimes in the digital world.
2. To understand the significance of the digital forensics life cycle, the underlying forensic principles and the investigation process.
3. To understand the importance of file system management with respect to computer forensics.
4. To be able to identify the live data in case of any incident and apply the appropriate tools and practices for handling it.
5. To develop skills in the application of various tools and in writing investigation reports with suitable evidence.
6. To be able to identify network- and mobile-related threats and recommend suitable forensic procedures for them.

Course Outcomes:
(Cognitive levels of attainment as per Taxonomy are given in brackets.)
On successful completion of the course, the learner/student will be able to:
1. Identify and define the class of various computer and cyber-crimes in the digital world. (L1, L2)
2. Understand the need for digital forensics and the role of digital evidence. (L1, L2)
3. Understand and analyze the role of file systems in computer forensics. (L1, L2, L3)
4. Demonstrate the incident response methodology with best practices for incident response, applying forensic tools. (L3)
5. Generate/write the report on the application of appropriate computer forensic tools for the investigation of any computer security incident. (L5)
6. Identify and investigate threats in networks and on mobile devices. (L4)

DETAILED SYLLABUS:

Sr. No. | Module | Detailed Content | Hours | CO Mapping

0. Prerequisite (2 hours; CO: --)
   Computer Hardware: Motherboard, CPU, Memory: RAM, Hard Disk Drive (HDD), Solid State Drive (SSD), Optical drive.
   Computer Networks: Introduction, CN terminology: Router, Gateway, OSI and TCP/IP layers.
   Operating Systems: Role of the OS in file management, Memory management utilities, Fundamentals of file systems used in Windows and Linux.

I. Introduction to Cybercrime and Computer-crime (4 hours; CO1)
   1.1 Definition and classification of cybercrimes: Definition, Hacking, DoS attacks, Trojan attacks, Credit card frauds, Cyber terrorism, Cyber stalking.
   1.2 Definition and classification of computer crimes: Computer viruses, Computer worms.
   1.3 Prevention of cybercrime: Steps that can be followed to prevent cybercrime, Hackers, Crackers, Phreakers.
   Self-learning Topics: Steps performed by a hacker.

II. Introduction to Digital Forensics and Digital Evidence (5 hours; CO2)
   2.1 Introduction to Digital Forensics: Introduction to digital forensics and its lifecycle, Principles of digital forensics.
   2.2 Introduction to Digital Evidence: Challenging aspects of digital evidence, Scientific evidence, Presenting digital evidence.
   2.3 Digital Investigation Process Models: Physical model, Staircase model, Evidence flow model.
   Self-learning Topics: Comparison of digital investigation process models and their application, Rules of digital evidence.

III. Computer Forensics (7 hours; CO3)
   3.1 OS File Systems Review: Windows systems (FAT32 and NTFS), UNIX file systems, Mac file systems.
   3.2 Windows OS Artifacts: Registry, Event logs.
   3.3 Memory Forensics: RAM forensic analysis, Creating a RAM memory image, Volatility framework, Extracting information.
   3.4 Computer Forensic Tools: Need for computer forensic tools, Types of computer forensic tools, Tasks performed by computer forensic tools.
   Self-learning Topics:

IV. Incident Response Management, Live Data Collection and Forensic Duplication (10 hours; CO4)
   4.1 Incident Response Methodology: Goals of incident response, Finding and hiring IR talent.
   4.2 IR Process: Initial response, Investigation, Remediation, Tracking of significant investigative information.
   4.3 Live Data Collection: Live data collection on Microsoft Windows.
   4.4 Forensic Duplication: Forensic duplicates as admissible evidence, Forensic duplication tools: Creating forensic evidence, Duplicate/Qualified forensic duplicate of a hard drive.
   Self-learning Topics: Live data collection on Unix-based systems.

V. Forensic Tools and Report Writing (10 hours; CO5)
   5.1 Forensic Image Acquisition in Linux: Acquire an image with dd tools, Acquire an image with forensic formats, Preserve digital evidence with cryptography, Image acquisition over a network, Acquire removable media.
   5.2 Forensic Investigation Report Writing: Reporting standards, Report style and formatting, Report content and organization.
   Self-learning Topics: Case study on report writing.

VI. Network Forensics and Mobile Forensics (14 hours; CO6)
   6.1 Network Forensics: Sources of network-based evidence, Principles of internetworking, Internet protocol suite, Evidence acquisition, Analyzing network traffic: Packet flow and statistical flow, Network intrusion detection and analysis, Investigation of routers, Investigation of firewalls.
   6.2 Mobile Forensics: Mobile phone challenges, Mobile phone evidence extraction process, Android OS architecture, Android file system basics, Types of investigation, Procedure for handling an Android device, Imaging Android USB mass storage devices.
   Self-learning Topics: Elcomsoft iOS Forensic Toolkit, Remo Recover tool for Android data recovery.

Text Books:
1. Digital Forensics -- Dr. Dhananjay R. Kalbande and Dr. Nilakshi Jain, Wiley Publications, First Edition, 2019.
2. Digital Evidence and Computer Crime -- Eoghan Casey, Elsevier Academic Press, Third Edition, 2011.
3. Incident Response & Computer Forensics -- Jason T. Luttgens, Matthew Pepe and Kevin Mandia, McGraw-Hill Education, Third Edition, 2014.
4. Network Forensics: Tracking Hackers through Cyberspace -- Sherri Davidoff and Jonathan Ham, Pearson Education, 2012.
5. Practical Mobile Forensics -- Satish Bommisetty, Rohit Tamma and Heather Mahalik, Packt Publishing, Open source publication, 2014, ISBN 978-1-78328-831-1.
6. The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory -- Michael Hale Ligh, Andrew Case, Jamie Levy and Aaron Walters, Wiley, 1st Edition, 3 October 2014.

References:
1. Scene of the Cybercrime: Computer Forensics -- Debra Littlejohn Shinder, Syngress Publication, First Edition, 2002.
2. Digital Forensics with Open Source Tools -- Cory Altheide and Harlan Carvey, Syngress Publication, First Edition, 2011.
3. Practical Forensic Imaging: Securing Digital Evidence with Linux Tools -- Bruce Nikkel, No Starch Press, San Francisco, 2016.
4. Android Forensics: Investigation, Analysis, and Mobile Security for Google Android -- Andrew Hoog, Elsevier Publication, 2011.

Online References:
1. https://www.pearsonitcertification.com/articles/article.aspx?p=462199&seqNum=2
2. https://flylib.com/books/en/3.394.1.51/1/
3. https://www.sleuthkit.org/autopsy/
4. http://md5deep.sourceforge.net/md5deep.html
5. https://tools.kali.org/
6. https://kalilinuxtutorials.com/
7. https://accessdata.com/product-download/ftk-imager-version-4-3-0
8. https://www.amazon.in/Art-Memory-Forensics-Detecting-Malware/dp/1118825098

Research Papers: Mobile Forensics / Guidelines on Cell Phone Forensics
1. Computer Forensics Resource Center: NIST Draft Special Publication 800-101: https://csrc.nist.gov/publications/detail/sp/800-101/rev-1/final
2. https://cyberforensicator.com/category/white-papers
3. https://www.magnetforensics.com/resources/ios-11-parsing-whitepaper/
4. Samarjeet Yadav, Satya Prakash, Neelam Dayal and Vrijendra Singh, "Forensics Analysis of WhatsApp in Android Mobile Phone", electronic copy available at: https://ssrn.com/abstract=3576379
Assessment:
Internal Assessment (IA) for 20 marks:
IA will consist of two compulsory Internal Assessment Tests. Approximately 40% to 50% of the syllabus content must be covered in the first IA test, and the remaining 40% to 50% of the syllabus content must be covered in the second IA test.

Question paper format:
The question paper will comprise a total of six questions, each carrying 20 marks. Q.1 will be compulsory and should cover the maximum content of the syllabus.
The remaining questions will be mixed in nature (part (a) and part (b) of each question must be from different modules; for example, if Q.2 has part (a) from Module 3, then part (b) must be from any other module, randomly selected from all the modules).
A total of four questions need to be answered.

Teaching Scheme (Contact Hours) and Credits Assigned
Course    Course Title              Theory  Practical  Tutorial  Theory  Practical/  Tutorial  Total
Code                                                                     Oral
HCSC701   Security Information      04      --         --        04      --          --        04
          Management

Examination Scheme
Course    Course Title              Theory Marks                                       Term   Practical  Oral   Total
Code                                Internal assessment               End Sem Exam     Work
                                    Test 1  Test 2  Avg. of 2 Tests
HCSC701   Security Information      20      20      20                80               --     --         --     100
          Management
Course Objectives:
The course aims:
1. To focus on cybercrime and the need to protect information.
2. To understand the types of attacks and how to handle the amount of risk involved.
3. To discuss the role of industry standards and legal requirements with respect to compliance.
4. To distinguish between different types of access control models, techniques and policies.
5. To create awareness about business continuity and disaster recovery.
6. To create awareness about incident management and its life cycle.

Course Outcomes:
(Cognitive levels of attainment as per Taxonomy are given in brackets.)
On successful completion of the course, the learner/student will be able to:
1. Understand the scope of information security policies and measures as they apply to people. (L1, L2)
2. Interpret the various standards available for information security. (L1, L2)
3. Apply risk assessment methodology. (L3)
4. Apply the role of access control to identity management. (L3)
5. Understand the concepts of incident management, disaster recovery and business continuity. (L1, L2)
6. Identify common issues in web application and server security. (L3)

DETAILED SYLLABUS:

Sr. No. | Module | Detailed Content | Hours | CO Mapping

0. Prerequisite (2 hours; CO: --)
   Vulnerability assessment for operating systems and networks (wired and wireless). Tools for conducting reconnaissance.

I. Basics of Information Security (6 hours; CO1, CO2)
   1.1 What is information security and why do you need it?
   1.2 Basic principles of confidentiality and integrity.
   1.3 Availability concepts, Policies, Procedures, Guidelines, Standards.
   1.4 Administrative measures and technical measures, People, Process, Technology, IT Act 2000, IT Act 2008.
   Self-learning Topics: Impact of IT on organizations, Importance of IS to society.

II. Current Trends in Information Security (8 hours; CO2)
   2.1 Cloud Computing: Benefits and issues related to information security.
   2.2 Standards available for InfoSec: COBIT, Cadbury, ISO 27001, OWASP, OSSTMM.
   2.3 An overview of certifiable standards: How, What, When, Who.
   Self-learning Topics: Cloud threats, Impact of cloud computing on users, Examples of cloud service providers: Amazon, Google, Microsoft, Salesforce, etc.

III. Threat & Risk Management (8 hours; CO3)
   3.1 Threat Modelling: Threat, Threat source, Vulnerability, Attacks.
   3.2 Risk Assessment Frameworks: ISO 31010, NIST SP 800-30, OCTAVE.
   3.3 Risk Assessment and Analysis: Risk team formation, Information and asset value, Identifying threats and vulnerabilities, Risk assessment methodologies.
   3.4 Quantification of risk, Identification of monitoring mechanisms, Calculating total risk and residual risk.
   Self-learning Topics: Risk management trends today and tomorrow.

IV. Identity and Access Management (10 hours; CO4)
   4.1 Concepts of identification, authentication, authorization and accountability.
   4.2 Access Control Models: Discretionary, Mandatory, Role-based and Rule-based.
   4.3 Access Control Techniques: Constrained user interfaces, Access control matrix, Content-dependent, Context-dependent.
   4.4 Access Control Methods: Administrative, Physical, Technical, Layering of access control.
   4.5 Access Control Monitoring: IDS, IPS and anomaly detection.
   4.6 Accountability: Event monitoring and log reviews, Log protection.
   4.7 Threats to Access Control: Various attacks on authentication systems.
   Self-learning Topics: Challenges and solutions in identity and access management.

V. Operational Security (10 hours; CO5)
   5.1 Concepts of availability, high availability, redundancy and backup.
   5.2 Calculating availability, Mean Time Between Failures (MTBF), Mean Time To Repair (MTTR).
   5.3 Incident Management: Detection, Response, Mitigation, Reporting, Recovery and Remediation.
   5.4 Disaster Recovery: Metrics for disaster recovery, Recovery Time Objective (RTO), Recovery Point Objective (RPO), Work Recovery Time (WRT), Maximum Tolerable Downtime (MTD), Business process recovery, Facility recovery (Hot site, Warm site, Cold site, Redundant site), Backup and restoration.
   Self-learning Topics: Challenges and opportunities of having an IT disaster recovery plan.

VI. Web Application, Windows and Linux Security (8 hours; CO6)
   6.1 Types of audits in a Windows environment.
   6.2 Server security, Active Directory (Group Policy), Anti-virus, Mail, Malware.
   6.3 Endpoint protection, Shadow passwords, sudo users, etc.
   6.4 Web Application Security: OWASP, Common issues in web apps, What is XSS, SQL injection, CSRF, Password vulnerabilities, SSL, CAPTCHA, Session hijacking, Local and remote file inclusion, Audit trails, Web server issues, etc.
   Self-learning Topics: Network firewall protection, Choosing the right web vulnerability scanner.

Textbooks:
1. Shon Harris and Fernando Maymi, CISSP All-in-One Exam Guide, McGraw Hill Education, 7th Edition, 2016.
2. Andrei Miroshnikov, Introduction to Information Security - I, Wiley, 2018.
ress; 1st ed. edition, 2014

References:
1. Rich Schiesser, IT Systems Management: Designing, Implementing and Managing World-Class Infrastructures, Prentice Hall, 2nd Edition, January 2010.
2. NPTEL Course: Introduction to Information Security I (URL: https://nptel.ac.in/noc/courses/noc15/SEM1/noc15-cs03/)
3. Dr. David Lanter, ISACA COBIT 2019 Framework: Introduction and Methodology.
4. Pete Herzog, OSSTMM 3, ISECOM.
5. NIST Special Publication 800-30, Guide for Conducting Risk Assessments, September 2012.

Online References:
1. https://www.ultimatewindowssecurity.com/securitylog/book/Default.aspx
2. http://www.ala.org/acrl/resources/policies/chapter14
3. https://advisera.com/27001academy/what-is-iso-27001/
4. https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-30r1.pdf
5. http://www.diva-portal.org/smash/get/diva2:1117263/FULLTEXT01.pdf

Assessment:
Internal Assessment (IA) for 20 marks:
IA will consist of two compulsory Internal Assessment Tests. Approximately 40% to 50% of the syllabus content must be covered in the first IA test, and the remaining 40% to 50% of the syllabus content must be covered in the second IA test.

Question paper format:
The question paper will comprise a total of six questions, each carrying 20 marks. Q.1 will be compulsory and should cover the maximum content of the syllabus.
The remaining questions will be mixed in nature (part (a) and part (b) of each question must be from different modules; for example, if Q.2 has part (a) from Module 3, then part (b) must be from any other module, randomly selected from all the modules).
A total of four questions need to be answered.

Teaching Scheme (Contact Hours) and Credits Assigned
Course      Course Title                  Theory  Practical  Tutorial  Theory  Practical  Tutorial  Total
Code
HCSSBL601   Vulnerability Assessment      --      4          --        --      2          --        02
            Penetration Testing (VAPT)
            Lab (SBL)

Examination Scheme
Course      Course Title                  Theory Marks                                       Term   Oral   Total
Code                                      Internal assessment               End Sem Exam     Work
                                          Test 1  Test 2  Avg. of 2 Tests
HCSSBL601   Vulnerability Assessment      --      --      --                --               50     50     100
            Penetration Testing (VAPT)
            Lab (SBL)

Lab Objectives:
The lab aims:
1. To identify security vulnerabilities and weaknesses in the target applications.
2. To discover potential vulnerabilities present in systems on the network using vulnerability assessment tools.
3. To identify threats by exploiting them in a penetration test attempt that utilizes the vulnerabilities in a system.
4. To recognize how security controls can be improved to prevent attackers from gaining access to the database.
5. To test and exploit systems using various tools and understand the impact in system logs.
6. To write a report with a full understanding of the current security posture and of what work is necessary both to fix the potential threat and to mitigate the same source of vulnerabilities in the future.

Lab Outcomes:
(Cognitive levels of attainment as per Taxonomy are given in brackets.)
On successful completion of the lab, the learner/student will be able to:
1. Understand the structure on which vulnerability assessment is to be performed. (L1, L2)
2. Apply assessment tools to identify vulnerabilities present in systems on the network. (L3)
3. Evaluate attacks by executing penetration tests on the system or network. (L4)
4. Analyse a secure environment by improving security controls and applying prevention mechanisms against unauthorised access to the database. (L5)
5. Create security by testing and exploiting systems using various tools, and remove the impact of hacking on the system. (L6)
6. Prepare documentation following the steps of vulnerability assessment and penetration testing. (L3, L4, L5)

Prerequisite: Computer Networks, Basics of Network Security.

Hardware & Software Requirements:

Hardware Requirements                  Software Requirements             Other Requirements
PC with the following configuration:   1. Windows or Linux Desktop OS    1. Internet connection.
1. Intel PIV processor                 2. Security software and tools
2. 4 GB RAM
3. 500 GB hard disk
4. Network interface card

DETAILED SYLLABUS:

Sr. No. | Module | Detailed Content | Hours | LO Mapping

0. Prerequisite (2 hours)
   Computer Networks, Basics of Network Security, Ethical Hacking, Digital Forensics.

I. Human Security (Social Engineering) Assessment (8 hours; LO1)
   Visibility Audit: Collecting information through social media and the internet. Collecting contact details (like
   Active Detection Verification: Test whether the phone number, email id, etc. are real by sending a test message. Test whether the information is filtered at the point of reception. Test whether operator / another person's assistance can be obtained.
   Device Information: IP address, Port details, Accessibility, Permissions, Role in business.
   Trust Verification: Test whether information can be planted in the form of a note / email / message (Phishing).
   Test Subjects: College staff, Reception, PA to Director / Principal.
   To conduct information gathering in order to carry out a social engineering audit on various sections of your college.
   Self-Learning Topics: Networking commands.

II. Network & Wireless Security Assessment (8 hours; LO2)
   Network Discovery: Using various tools to discover the connected devices, to obtain the device name, IP address and the device's relation in the network; Detection of active ports, OS fingerprinting, Network port and active service discovery.
   Tools: IP Scanner, Nmap, etc.
   Network Packet Sniffing: Packet sniffing to detect the traffic pattern, Packet capturing to detect protocol-specific traffic patterns, Packet capturing to reassemble packets and reveal unencrypted passwords.
   Tools: Wireshark.
   Self-Learning Topics: Learning the CVE database for the vulnerabilities detected.

III. Setting up a Pentester Lab (9 hours; LO3)
   Including an attacker machine (preferably Kali) and, in the same subnet, victim machines: DVWA / SEED Labs / multiple VulnHub machines as and when required. Understanding categories of pentest and legalities / ethics.
   Install a Kali machine in a VM environment with some VulnHub machines, and find the vulnerabilities of a Level 1 VulnHub machine, such as deleted system files and file permissions.
   Self-Learning Topics: Vulnerability exploitation to acquire root access on the Kioptrix machine.

IV. Database and Access Control Security Assessment (9 hours; LO4)
   Database Password Audit: A tool-based audit has to be performed for the strength of passwords and hashes.
   Tools: DBPwAudit.
   Blind SQL Injection: Test the security of the database against SQL injection.
   Tools: BSQL Hacker.
   Password Audit: Perform the password audit on a Linux / Windows based system.
   Tools: Cain & Abel, John the Ripper, LCP password auditing tools for Windows.
   Active Directory and Privileges Audit: Conduct a review of Active Directory and Group Policy to assess the level of access privileges allocated.
   Tools: SolarWinds.
   Self-Learning Topics: Federated database security challenges and solutions.

V. Log Analysis (6 hours; LO5)
   Conduct a log analysis on Server Event Log / Firewall Logs / Server Security Log to review and obtain insights.
   Tools: Graylog, Open-AudIT module.
   Self-Learning Topics: Python and R programming scripts.

VI. Compliance and Observation Reporting (10 hours; LO6)
   License Inventory Compliance: Identify the number of licenses and their deployment in your organization.
   Tools: Belarc Advisor, Open-AudIT.
   Report Writing: Nessus tool.
   The report should contain:
   a. Vulnerability discovered
   b. The date of discovery
   c. Common Vulnerabilities and Exposures (CVE) database reference and score; vulnerabilities found with a medium or high CVE score should be addressed immediately
   d. A list of systems and devices found vulnerable
   e. Detailed steps to correct the vulnerability, which can include patching and/or reconfiguration of operating systems or applications
   f. Mitigation steps (like putting automatic OS updates in place) to keep the same type of issue from happening again
   Purpose of Reporting: Reporting provides an organization with a full understanding of its current security posture and of what work is necessary both to fix the potential threat and to mitigate the same source of vulnerabilities in the future.
   Self-Learning Topics: Study of OpenVAS, Nikto, etc.

Text & Reference Books and Links:
1. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws -- Dafydd Stuttard, Paperback Illustrated, 7 October 2011.
2. Hacking: The Art of Exploitation, 2nd Edition -- Jon Erickson.
3. Important VulnHub links (VulnHub Kioptrix):
   Download links: https://www.vulnhub.com/entry/basic-pentesting-1,216/ and https://www.vulnhub.com/entry/kioptrix-level-1-1,22/
   Installation video: https://youtu.be/JupQRHtfZmw
   Walkthrough/solutions video: https://youtu.be/Qn2cKYZ6kBI
4. OWASP Broken Web Applications Project: https://sourceforge.net/projects/owaspbwa/
5. Mastering Modern Web Penetration Testing -- Prakhar Prasad, Packt Publishing, October 2016.
6. Kali Linux Revealed: Mastering the Penetration Testing Distribution -- Raphael Hertzog and Jim O'Gorman, Offsec Press, June 5, 2017.

Term Work:

The term work shall consist of at least 10 to 12 practicals based on the above syllabus. The term work journal must include at least 2 assignments. The assignments should be based on real-world applications which cover concepts from the whole of the above syllabus.
Term Work Marks: 50 Marks (Total) = 40 Marks (Experiments) + 5 Marks (Assignments/tutorial/write-up) + 5 Marks (Attendance)
Oral Exam: An oral exam will be held based on the above syllabus.

Course Code: HCSC801
Course Title: Application Security
Teaching Scheme (Hours/Week): Theory 04, Practical --, Tutorial --
Credit Scheme: Theory 04, Practical/Oral --, Tutorial --, Total 04

Examination Scheme
Course Code: HCSC801
Course Title: Application Security
Theory Marks: Internal Assessment (Test 1: 20, Test 2: 20, Avg. of 2 Tests: 20), End Sem. Exam: 80
Term Work: --
Practical: --
Oral: --
Total: 100

Course Objectives:
The course aims to cover:
1. The terms and concepts of application security, threats, and attacks
2. The countermeasures for the threats with respect to application security
3. The secure coding practices
4. The secure application design and architecture
5. The different security scanning and testing techniques
6. The threat modeling approaches

Course Outcomes (with cognitive levels of attainment as per Bloom's Taxonomy):
On successful completion of the course, the learner/student will be able to:
1. Enumerate the terms of application security, threats, and attacks (L1)
2. Describe the countermeasures for the threats with respect to application security (L1)
3. Discuss the secure coding practices (L2)
4. Explain the secure application design and architecture (L2)
5. Review the different security scanning and testing techniques (L2)
6. Discuss the threat modeling approaches (L2)

DETAILED SYLLABUS:

Sr. No.  Module  Detailed Content  Hours  CO Mapping

0  Prerequisite  (02 hours, CO: -)
Operating System, DBMS, Computer Network, Web Programming, OOP
I  Introduction to Application Security, Threats, and Attacks  (05 hours, CO1)
Introduction to Web Application Reconnaissance, Finding Subdomains, API Analysis, Identifying Weak Points in Application Architecture.
Offense: Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), XML External Entity (XXE) Injection, Injection Attacks, Denial of Service (DoS), Cross-Origin Resource Sharing Vulnerabilities.
Self-learning Topics: Simulate the attacks using open-source tools in a virtual environment.
II  Defence and Tools  (09 hours, CO2)
Securing Modern Web Applications, Secure Application Architecture, Reviewing Code for Security, Vulnerability Discovery, Defending Against XSS Attacks, Defending Against CSRF Attacks, Defending Against XXE, Defending Against Injection Attacks, Defending Against DoS, Defending Against CORS-based Attacks.
Self-learning Topics: Implement the countermeasures to the attacks using open-source tools.
III  Secure Coding Practices  (09 hours, CO3)
Security Requirements, Encryption, Never Trust System Input, Encoding and Escaping, Third-Party Components, Security Headers: Seatbelts for Web Apps, Securing Your Cookies, Passwords, Storage, and Other Important Decisions, HTTPS Everywhere, Framework Security Features, File Uploads, Errors and Logging, Input Validation and Sanitization, Authorization and Authentication, Parameterized Queries, Least Privilege, Requirements Checklist.
Self-learning Topics: OWASP Secure Coding Practices.
IV  Secure Application Design and Architecture  (09 hours, CO4)
Secure Software Development Lifecycle: Averting Disaster Before It Starts, Team Roles for Security, Security in the Software Development Lifecycle, Design Flaw vs. Security Bug, Secure Design Concepts, Segregation of Production Data,
Application Security Activities.
Self-learning Topics: Secure Hardware Architecture.
V  Security Scanning and Testing  (09 hours, CO5)
Testing Your Code, Testing Your Application, Testing Your Infrastructure, Testing Your Database, Testing Your APIs and Web Services, Testing Your Integrations, Testing Your Network, Dynamic Web Application Profiling.
Self-learning Topics: Open-source Application Security Tools, IAST, RASP and WAF, Selenium.
VI  Threat Modeling  (09 hours, CO6)
Objectives and Benefits of Threat Modeling: Defining a Risk Mitigation Strategy, Improving Application Security, Building Security in the Software Development Life Cycle.
Existing Threat Modeling Approaches: Security, Software, Risk-Based Variants.
Threat Modeling Within the SDLC: Building Security in SDLC with Threat Modeling, Integrating Threat Modeling Within the Different Types of SDLCs.
Self-learning Topics: The Common Vulnerability Scoring System (CVSS).
Text Books:
1. Alice and Bob Learn Application Security, Tanya Janca, Wiley, 1st edition (4 December 2020)
2. Web Application Security, A Beginner's Guide, Bryan Sullivan, McGraw-Hill Education, 1st edition (16 January 2012)
3. Web Application Security: Exploitation and Countermeasures for Modern Web Applications, Andrew Hoffman, Shroff/O'Reilly, First edition (11 March 2020)
4. The Security Development Lifecycle, Michael Howard, Microsoft Press US, 1st edition (31 May 2006)
5. Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis, Tony UcedaVélez and Marco M. Morana, Wiley
6. Iron-Clad Java: Building Secure Web Applications (Oracle Press), 1st Edition, Jim Manico

References:
1. Software Security: Building Security In, Gary McGraw, Addison-Wesley Professional, 1st edition (January 23, 2006)
2. A Guide to Securing Modern Web Applications, Michal Zalewski
3. Threat Modeling: A Practical Guide for Development Teams, Izar Tarandach and Matthew J. Coles (December 8, 2020)

Online References:
1. https://owasp.org/www-project-top-ten/
2. https://owasp.org/www-pdf-archive/OWASP_SCP_Quick_Reference_Guide_v2.pdf
3. https://pentesterlab.com/
4. https://app.cybrary.it/browse/course/advanced-penetration-testing
5. https://www.udemy.com/
6. https://www.coursera.org/

Assessment:
Internal Assessment (IA) for 20 marks:
IA will consist of two compulsory Internal Assessment Tests. Approximately 40% to 50% of the syllabus content must be covered in the first IA test, and the remaining 40% to 50% of the syllabus content must be covered in the second IA test.

Question paper format:
The question paper will comprise a total of six questions, each carrying 20 marks. Q.1 will be compulsory and should cover the maximum content of the syllabus.
The remaining questions will be mixed in nature (part (a) and part (b) of each question must be from different modules; for example, if Q.2 has part (a) from Module 3, then part (b) must be from any other module, randomly selected from all the modules).
A total of four questions need to be answered.
