England.  Change location

Systems penetration testing

Qualification dates
Start End

Penetration testing is a highly technical area of cybersecurity. It requires knowledge of multiple subjects: operating systems, databases, networking, programming, vulnerability and malware analysis, web services, cryptography, and social engineering. Penetration testers also need to understand the adversary mindset. You’ll learn to design and implement penetration tests to stakeholder requirements and gain skills to help mitigate cyber-attacks by implementing countermeasures and security controls. You’ll develop knowledge and understanding aligned with the Certified Ethical Hacker (CEH) programme through our EC-Council partnership.

What you will study

The module comprises five blocks:

Block 1: Module introduction
This block provides an overview of TM359 and introduces the pedagogic approach and the EC-Council CEH content. You’ll study customer engagement, report writing, frameworks and standards, and legal requirements of a penetration test.

Block 2: Reconnaissance, scanning and enumeration
In the second block, you’ll study footprinting and reconnaissance, scanning networks, enumeration, and vulnerability analysis.

Block 3: System hacking and gaining access
Block 3 covers system hacking, malware threats, sniffing, social engineering, denial-of-service attacks, session hijacking, evading IDS, firewalls, honeypots, hacking web servers, hacking web applications and SQL injection.

Block 4: Stakeholder engagement, independent study and automation
In this block, you’ll study stakeholder engagement and reporting plus one of the following topics: hacking wireless networks, hacking mobile platforms, IoT and OT (Operational Technology) hacking, cloud computing or cryptography. You’ll learn about the essential components of bash scripting and the Python programming language to support penetration testing scripting and automation. You’ll learn how to install and configure Python and Python basics, including handling data and variable types, and using conditions, loops, error handling and functions.

Block 5: Countermeasures
In the final block, you’ll study countermeasures, plus how to mitigate the vulnerabilities and prevent the associated exploits, averting system breaches.

Throughout the module, you’ll have access to online labs for hands-on exercises and the opportunity to hack systems in a controlled and safe environment.

Entry requirements

TM359 is an OU level 3 module; therefore, you need a good knowledge of computer science obtained through OU level 1 and 2 study or another higher education institution.

You must have passed:

We strongly recommend that you check your background and experience are sufficient to tackle this module. We’ve found that appropriately prepared students have the best chance of completing their studies and get the most enjoyment from the module.

Talk to an advisor if you’re not sure you’re ready.

What's included

You’ll have access to a module website, which includes:

  • a week-by-week study planner
  • audio and video content
  • interactive activities
  • third-party resources
  • assessment
  • online tutorial access
  • student and tutor group forums.

The module uses an ebook Certified Ethical Hacker from EC-Council. You’ll also have access to EC-Council iLabs to practice penetration tests in a safe and secure environment.

The CEH material is also delivered as a series of video lectures on the EC-Council iClass platform, accessible by a standard web browser.

Computing requirements

You’ll need broadband internet access and a desktop or laptop computer with an up-to-date version of Windows (10 or 11) or macOS Ventura or higher.

Any additional software will be provided or is generally freely available.

To join in spoken conversations in tutorials, we recommend a wired headset (headphones/earphones with a built-in microphone).

Our module websites comply with web standards, and any modern browser is suitable for most activities.

Our OU Study mobile app will operate on all current, supported versions of Android and iOS. It’s not available on Kindle.

It’s also possible to access some module materials on a mobile phone, tablet device or Chromebook. However, as you may be asked to install additional software or use certain applications, you’ll also require a desktop or laptop, as described above.

Teaching and assessment

Support from your tutor

Throughout your module studies, you’ll get help and support from your assigned module tutor. They’ll help you by:

  • Marking your assignments and providing detailed feedback for you to improve.
  • Guiding you to additional learning resources.
  • Providing individual guidance, whether that’s for general study skills or specific module content.
  • Facilitating online discussions between your fellow students, in the dedicated module and tutor group forums.

Module tutors also run online tutorials throughout the module. Where possible, recordings of online tutorials will be made available to students. While these tutorials won’t be compulsory for you to complete the module, you’re strongly encouraged to take part.


The assessment details for this module can be found in the facts box.

If you have a disability

The OU strives to make all aspects of study accessible to everyone and this Accessibility Statement outlines what studying TM359 involves. You should use this information to inform your study preparations and any discussions with us about how we can meet your needs.

Future availability

Systems penetration testing (TM359) starts once a year – in February.

This page describes the module that will start in February 2025.

We expect it to start for the last time in February 2028.

Course work includes:

2 Tutor-marked assignments (TMAs)
1 Interactive computer-marked assignment (iCMA)
End-of-module assessment