Ethical Hacking Introduction

Ethical hacking — also called penetration testing — is a real career in Sri Lanka, with growing demand from banks, telcos, fintechs and government. Our 12-week Ethical Hacking Introduction course gives Grade 10–13 students a structured, legal, ethical introduction to how cyber attacks actually work and how defenders stop them.

The entire course is conducted in safe, isolated lab environments — DVWA, TryHackMe, Hack The Box (free tiers), and our own self-hosted CTF challenges. Students learn networking basics (TCP/IP, ports, packets), the Linux command line, basic Python for security scripting, reconnaissance, scanning with nmap, web-application vulnerabilities (the OWASP Top 10 — SQL injection, XSS, CSRF, broken authentication and more), password attacks, basic Wi-Fi security and defensive thinking.

Three projects: a structured penetration test of a deliberately vulnerable web app (write a real professional report), a Capture The Flag challenge competition with classmates, and a final defensive project where each student hardens a sample Sri Lankan small-business WordPress site against the very attacks they just learned.

We are very explicit and unambiguous about ethics and Sri Lankan law: students sign a code of conduct, every technique is taught only against systems we own or explicitly authorise, and we discuss the Sri Lankan Computer Crimes Act so students understand the legal lines. This course is excellent preparation for university computer-security tracks and for entry-level cybersecurity internships in Sri Lanka. Prerequisite: completion of Cybersecurity & Internet Safety or equivalent prior knowledge.

Course Outline

• Weeks 1–2: Networking + Linux command line
• Week 3: Python for security
• Week 4: Reconnaissance + nmap
• Weeks 5–6: OWASP Top 10 part 1
• Weeks 7–8: OWASP Top 10 part 2
• Week 9: Password attacks + Wi-Fi
• Week 10: Penetration test project + report
• Week 11: CTF competition
• Week 12: Defensive hardening project + ethics review