Choose exam board for KS4 Computer Science (GCSE)
Choose exam board for KS4 English
Choose exam board for KS4 French
Choose exam board for KS4 Geography
Choose exam board for KS4 German
Choose exam board for KS4 History
Choose tier for KS4 Maths
Choose exam board for KS4 Music
Choose exam board for KS4 Physical education (GCSE)
Choose exam board for KS4 Religious education (GCSE)
Choose exam board for KS4 Spanish

      Testing as a form of defence

      Lesson details

      Learning outcome

      I can describe and design a penetration test.

      Key learning points

      1. Penetration testing is a controlled method of testing a system’s security by simulating real cyberattacks.
      2. Penetration testing helps identify and fix vulnerabilities before attackers can exploit them.
      3. There are different types of penetration tests, including black box, white box and grey box.
      4. Penetration testing is a key part of maintaining strong cybersecurity in organisations.

      Keywords

      • Penetration testing - a simulated cyberattack used to test the security of a computer system, network or application

      • Security - the measures and practices used to protect systems, networks and data from unauthorised access, damage or theft

      • Ethical hacker - a cybersecurity professional who is authorised to break into systems in order to find and fix vulnerabilities

      • Network forensics - the process of monitoring and analysing computer network traffic to gather information and detect intrusion

      Common misconception

      Penetration testing is illegal or the same as hacking.

      Penetration testing is legal and ethical when done with permission. It's a form of ethical hacking used to help organisations find and fix security weaknesses before real hackers exploit them.

      Teacher tip

      Use real-world analogies like testing a house for weak locks or open windows to explain how penetration testers look for vulnerabilities in a system. Then, guide students through a simple, controlled scenario such as identifying weaknesses in a mock website or app.

      Licence

      This content is © Oak National Academy Limited (2025), licensed on Open Government Licence version 3.0
      except where otherwise stated. See Oak's terms & conditions
      (Collection 2).

      Lesson video

      Loading...

      Prior knowledge starter quiz

      6 Questions

      Q1.
      What is the main purpose of a cipher?

      to store files
      to delete data
      to print documents
      Correct answer: to encrypt messages

      Q2.
      What does "encrypt" mean?

      change a file’s name
      Correct answer: convert readable text into a coded form
      delete a message
      copy a message

      Q3.
      What do you call the method or value used to encrypt and decrypt messages?

      Correct Answer: key

      Q4.
      Which cipher shifts each letter by a set number of places?

      Correct Answer: Caesar cipher, Caesar

      Q5.
      Arrange the steps in encrypting a message using a cipher:

      1 - write the original message
      2 - apply the cipher rule
      3 - produce ciphertext
      4 - share the encrypted message

      Q6.
      Match each keyword to its definition:

      Correct Answer:encrypt,to turn readable information into a coded form

      to turn readable information into a coded form

      Correct Answer:decrypt,to turn coded information back into readable form

      to turn coded information back into readable form

      Correct Answer:ciphertext,the scrambled, unreadable version of a message

      the scrambled, unreadable version of a message

      6 Questions

      Q1.
      What is the main purpose of penetration testing?

      to damage a network
      Correct answer: to test security by simulating real cyberattacks
      to create new software
      to back up data

      Q2.
      Which of the following best describes an ethical hacker?

      Correct answer: someone who is authorised to test and improve security
      someone who creates viruses
      someone who monitors social media
      someone who breaks into systems without permission

      Q3.
      Which type of penetration test involves some knowledge of the system?

      Correct Answer: grey box

      Q4.
      Put these steps of a penetration test in the correct order:

      1 - plan the test
      2 - simulate an attack
      3 - identify vulnerabilities
      4 - report findings

      Q5.
      Which statement best explains the difference between penetration testing and illegal hacking?

      Correct answer: penetration testing is authorised, while hacking is unauthorised
      both are always illegal
      hacking is always helpful
      there is no difference

      Q6.
      What term describes the use of deception to manipulate individuals into revealing confidential information or granting unauthorised access?

      Correct Answer: social engineering

      To help you plan your 11 computer science lesson on: Testing as a form of defence, download all teaching resources for free and adapt to suit your pupils' needs...