Using Students to Pen Test Your Network (for Credit)

We taught CMSC498L, an undergraduate class on penetration testing entitled "Secure Maryland" in spring 2012. The main novelty of the class was that students were able to discover, probe, and attempt to exploit live systems on the whole of the University of Maryland's computer networks and act on what they found. This session will discuss the structure of the class, the vulnerabilities we found and the process we took to ensure they were fixed, and lessons learned for others who might like to try this exercise.