CSCM828 Security Vulnerabilities and Penetration Testing

MSc Module, Swansea University, 2026

This advanced postgraduate module was delivered in 2026 as a core technical element of the NCSC-certified MSc Cyber Security programme at Swansea University. The course delivers an intensive, hands-on methodology for identifying architectural weaknesses, discovering security flaws, and executing controlled exploitation techniques to secure enterprise networks.

Course Overview

Hosted within the high-performance Computational Foundry on the Bay Campus, this module connects the theory of software vulnerabilities with offensive security automation. Students learn to adopt an adversarial mindset to discover, document, and ethically remediate complex security flaws.

Key Topics Covered

  • Information Gathering & Reconnaissance: Passive and active scanning, OSINT frameworks, network mapping, and banner grabbing.
  • Vulnerability Assessment: Automating flaw discovery, ranking severity using CVSS, and eliminating false positives.
  • Exploitation Frameworks: Crafting and executing tailored payloads within controlled laboratory environments.
  • Web Application Security: Deep dive into the OWASP Top 10 vulnerabilities, including cross-site scripting (XSS) and SQL injection.
  • Post-Exploitation & Reporting: Privilege escalation paths, data extraction boundaries, and compiling executive-level remediation documentation.

Laboratory & Practical Exercises

Students engaged in extensive technical challenges using isolated networks in the dedicated Swansea Cyber Security Lab. Practical coursework included penetration testing simulated cloud targets and auditing custom target machines.