The module aims to equip students with the knowledge and skills to assess infrastructure components, systems, and applications against key security standards such as confidentiality, integrity, authentication, availability, authorization, and non-repudiation. Students will gain a comprehensive understanding of vulnerability assessment (VA) and penetration testing, identifying frameworks, and learning to categorize and perform vulnerability testing. Topics include network, system, and application VA, source code reviews, and penetration testing methodologies. The module will also cover the preparation stages of VA, such as information gathering, communication, and legal agreements, as well as tools and techniques used for VA, including industry-standard scanning tools like Nessus, Nmap, and Burp Suite. Additionally, students will learn about reporting vulnerabilities, validating results, and prioritizing remediation actions through security patches and other controls. Upon completion, students will be able to effectively carry out vulnerability assessments, remediate vulnerabilities, and produce detailed reports in compliance with regulatory and security standards.