Skip to content
Teachers
Go to pupils
Choose exam board for KS4 Biology
Choose exam board for KS4 Chemistry
Choose exam board for KS4 Combined science
Choose exam board for KS4 Computer Science (GCSE)
Choose exam board for KS4 English
Choose exam board for KS4 French
Choose exam board for KS4 Geography
Choose exam board for KS4 German
Choose exam board for KS4 History
Choose tier for KS4 Maths
Choose exam board for KS4 Music
Choose exam board for KS4 Physical education (GCSE)
Choose exam board for KS4 Physics
Choose exam board for KS4 Religious education (GCSE)
Choose exam board for KS4 Spanish

Guidance

About us

Testing as a form of defence

Download all resources
Previous lesson
Next lesson
Skip to lesson content
Share lesson with pupils

Lesson details

Learning outcome

I can describe and design a penetration test.

Key learning points

  1. Penetration testing is a controlled method of testing a system’s security by simulating real cyberattacks.
  2. Penetration testing helps identify and fix vulnerabilities before attackers can exploit them.
  3. There are different types of penetration tests, including black box, white box and grey box.
  4. Penetration testing is a key part of maintaining strong cybersecurity in organisations.

Keywords

  • Penetration testing - a simulated cyberattack used to test the security of a computer system, network or application

  • Security - the measures and practices used to protect systems, networks and data from unauthorised access, damage or theft

  • Ethical hacker - a cybersecurity professional who is authorised to break into systems in order to find and fix vulnerabilities

  • Network forensics - the process of monitoring and analysing computer network traffic to gather information and detect intrusion

Common misconception

Penetration testing is illegal or the same as hacking.

Penetration testing is legal and ethical when done with permission. It's a form of ethical hacking used to help organisations find and fix security weaknesses before real hackers exploit them.

Teacher tip

Use real-world analogies like testing a house for weak locks or open windows to explain how penetration testers look for vulnerabilities in a system. Then, guide students through a simple, controlled scenario such as identifying weaknesses in a mock website or app.

Licence

This content is © Oak National Academy Limited (2025), licensed on Open Government Licence version 3.0
 except where otherwise stated. See Oak's terms & conditions
 (Collection 2).

Lesson video

Skip lesson video

Loading...

Prior knowledge starter quiz

Download starter quiz questions (PDF)

6 Questions

Q1.
What is the main purpose of a cipher?

to store files
to delete data
to print documents
Correct answer: to encrypt messages

Q2.
What does "encrypt" mean?

change a file’s name
Correct answer: convert readable text into a coded form
delete a message
copy a message

Q3.
What do you call the method or value used to encrypt and decrypt messages?

Correct Answer: key

Q4.
Which cipher shifts each letter by a set number of places?

Correct Answer: Caesar cipher, Caesar

Q5.
Arrange the steps in encrypting a message using a cipher:

1 - write the original message
2 - apply the cipher rule
3 - produce ciphertext
4 - share the encrypted message

Q6.
Match each keyword to its definition:

Correct Answer:encrypt,to turn readable information into a coded form

to turn readable information into a coded form

Correct Answer:decrypt,to turn coded information back into readable form

to turn coded information back into readable form

Correct Answer:ciphertext,the scrambled, unreadable version of a message

the scrambled, unreadable version of a message

Assessment exit quiz

Download exit quiz questions (PDF)

6 Questions

Q1.
What is the main purpose of penetration testing?

to damage a network
Correct answer: to test security by simulating real cyberattacks
to create new software
to back up data

Q2.
Which of the following best describes an ethical hacker?

Correct answer: someone who is authorised to test and improve security
someone who creates viruses
someone who monitors social media
someone who breaks into systems without permission

Q3.
Which type of penetration test involves some knowledge of the system?

Correct Answer: grey box

Q4.
Put these steps of a penetration test in the correct order:

1 - plan the test
2 - simulate an attack
3 - identify vulnerabilities
4 - report findings

Q5.
Which statement best explains the difference between penetration testing and illegal hacking?

Correct answer: penetration testing is authorised, while hacking is unauthorised
both are always illegal
hacking is always helpful
there is no difference

Q6.
What term describes the use of deception to manipulate individuals into revealing confidential information or granting unauthorised access?

Correct Answer: social engineering

To help you plan your 11 computer science lesson on: Testing as a form of defence, download all teaching resources for free and adapt to suit your pupils' needs...