Introduction to Basic Vulnerability Assessment Skills

AWR368 – 7.50 Hours


EC AWR368 56 Register

This schedule is subject to change without notice. If you have not received confirmation of the class prior to the class start, please contact the division at or [email protected] to get the latest schedule.

Course Description

This course introduces the preparatory skills needed to learn penetration testing and vulnerability assessment, and familiarizes Information Technology support personnel and managers with the tactics, techniques and procedures (TTPs) that are used by attackers and penetration testers. Participants will have an increased knowledge and understanding about the tools used in a cyber-attack and in turn be better able to prepare defenses. The course focuses on the basic skills and knowledge needed to conduct and plan vulnerability assessments and penetration tests as well as show how to legally and ethically conduct tests and assessments. Participants will be introduced to Open Source tools such as Metasploit and Nmap, as well as methodologies for researching vulnerabilities. This course is designed based on research and federal agency reports.


This course is offered by the National Cybersecurity Preparedness Consortium (NCPC) and was developed by the NCPC partner the Norwich University Applied Research Institutes (NUARI).  The course is funded through the DHS/FEMA Homeland Security National Training Program and is offered at no cost.


Participants in this course should be currently serving in an Information Technology support capacity or come from an Information Technology middle management position. Although there are no prerequisites for this course, it is expected that participants have network and internet proficiency, as well as familiarity with both Windows and Linux file and operating systems, as well as basic command line use.

Must be a U.S. Citizen or Permanent Resident or receive approval from TEEX/DHS-FEMA prior to the start
of the class. Please contact us for more information on the approval process.

Students must have a FEMA Student Identification Number (SID) to register for this class. To obtain a SID, register online at

Course Completion Requirements

Students must earn a minimum score of 70% on the module post-test to receive their certificate.

Attendance Requirements

To meet attendance requirements, participants must review each training module and complete all required course assignments, activities, quizzes, and/or end of course exam.

To prevent issues during your online course, the following is recommended:

  • Broadband connection
  • Current browser updated to the latest version (i.e., Edge, Chrome, Firefox, Safari)
  • Pop-ups must be enabled.
  • Adobe Acrobat Reader 7 or higher

Upon successful completion, you will be able to:

  • Describe the purpose and functions of penetration testing
  • Describe the steps taken and considerations to be made prior to conducting penetration testing
  • Describe the steps taken to execute a penetration test, as well as the outcomes of the test
  • Identify the potential targets of penetration testing
  • Describe software and network vulnerabilities
  • Describe the steps and tools used to find vulnerabilities and the exploits for those vulnerabilities
  • Describe social engineering methods used for penetration testing
  • Define human factors that impact social engineering
  • Identify tools used to conduct social engineering penetration testing
  • Describe commonly used network fundamentals
  • Identify NMAP as a tool used to map networks
  • Describe output of NAMAP
  • Describe TCP/IP
  • Describe packet capture utilities used for information gathering
  • Describe packet capture data useful for analysis
  • Describe the purpose and usages of Metasploit
  • Describe how to use Metasploit as a tool in penetration testing
  • Describe the outcomes of using Metasploit to conduct penetration tests

Suggested Audience

The target audience for this course includes Information Technology Support Personnel and technically proficient mid-level management in the public sector. The audience can be comprised of individual participants, as well as organizational divisions or a combination of both. Participants include, but are not limited to, information technology support personnel from the following entities:

  • Law Enforcement
  • Emergency Management
  • Emergency Medical Services
  • Fire Service
  • Public Safety
  • Governmental Administrative

This course is appropriate for individuals working for state, local, tribal, and territorial organizations, and especially those at decision-making levels, such as line supervisors, and middle management. The course is not designed for firefighters, police officers or EMTs.

Other Information

After registering for this online course, you will receive an email with instructions for getting started. If you do not receive a confirmation within one hour, please contact us.

Government Programs

Contact Information

Business & Cyber Solutions
Phone: (979) 431-4837
Email: [email protected]