England

Please tell us where you live so that we can provide you with the most relevant information as you use this website.
If you are at a BFPO address please choose the country or region in which you would ordinarily be resident.
Accessibility statement
Penetration testing is a highly technical area of cybersecurity. It requires knowledge of multiple subjects: operating systems, databases, networking, programming, vulnerability and malware analysis, web services, cryptography, and social engineering. Penetration testers also need to understand the adversary mindset. You’ll learn to design and implement penetration tests to stakeholder requirements and gain skills to help mitigate cyber-attacks by implementing countermeasures and security controls. You’ll develop knowledge and understanding aligned with the Certified Ethical Hacker (CEH) programme through our EC-Council partnership.
The module comprises five blocks:
Block 1: Module introduction
This block provides an overview of TM359 and introduces the pedagogic approach and the EC-Council CEH content. You’ll study customer engagement, report writing, frameworks and standards, and legal requirements of a penetration test.
Block 2: Reconnaissance, scanning and enumeration
In the second block, you’ll study footprinting and reconnaissance, scanning networks, enumeration, and vulnerability analysis.
Block 3: System hacking and gaining access
Block 3 covers system hacking, malware threats, sniffing, social engineering, denial-of-service attacks, session hijacking, evading IDS, firewalls, honeypots, hacking web servers, hacking web applications and SQL injection.
Block 4: Stakeholder engagement, independent study and automation
In this block, you’ll study stakeholder engagement and reporting, plus one of the following topics: hacking wireless networks, hacking mobile platforms, IoT and OT (Operational Technology) hacking, cloud computing or cryptography. You’ll learn about the essential components of bash scripting and the Python programming language to support penetration testing scripting and automation. You’ll learn how to install and configure Python and Python basics, including handling data and variable types, and using conditions, loops, error handling and functions.
Block 5: Countermeasures
In the final block, you’ll study countermeasures and how to mitigate vulnerabilities and prevent the associated exploits, averting system breaches.
Throughout the module, you’ll have access to online labs for hands-on exercises and the opportunity to hack systems in a controlled and safe environment.
You'll need a good knowledge of computer science obtained through OU level 1 and 2 study or another higher education institution.
You must have passed:
You’ll get help and support from an assigned tutor throughout your module.
They’ll help by:
Online tutorials run throughout the module. While they’re not compulsory, we strongly encourage you to participate. Where possible, we’ll make recordings available.
Course work includes:
You’ll have access to a module website, which includes:
Additionally, the website includes:
The OU strives to make all aspects of study accessible to everyone, and this Accessibility Statement outlines what studying TM359 involves. You should use this information to inform your study preparations and any discussions with us about how we can meet your needs.
To find out more about what kind of support and adjustments might be available, contact us or visit our Disability support website.
Systems penetration testing (TM359) starts once a year – in February.
It will next start in February 2027.
We expect it to start for the last time in February 2028.
Back to previous page