
Security Analyst, Part 2 of 4: Penetration Testing Overview

with expert Don Bowers




Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 7/21/2017
Level Beginner
Runtime 2h 5m
Closed captioning N/A
Transcript N/A
eBooks / courseware N/A
Hands-on labs N/A
Sample code Included
Exams Included





Course description

Many methodologies exist for analyzing the information security needs of a corporation or government entity. One of the best ways to analyze the security posture of an organization is through penetration testing. Examine the fundamentals of penetration testing, including its limits (known as the Scope of Work), the several phases of PTests, and additional methodologies and guidelines. The course also discusses the importance of information security auditing and vulnerability assessments, as well as the legal concerns and risks that may arise for both the penetration tester and the organization being tested.

Prerequisites

To maximize your learning experience when taking this course, the following prerequisites are highly recommended: Security+ certification, knowledge of CEH (Certified Ethical Hacker), and knowledge of CHFI (Computer Hacking Forensic Investigator). Knowledge of the CBK (Common Body of Knowledge) associated with the CISSP and CISA certifications is also very helpful.

Meet the expert

Don Bowers has been in the computer industry for over 36 years as a database programmer and an information systems and security analyst. Don’s primary focus over the last 10 years has been in the area of information security and digital forensics. Don currently serves as an Assistant Professor and the Program Chair for the Cybersecurity program at the College of Western Idaho. As well as being an associate professor, Don also holds the distinction of being a Certified EC-Council Instructor. Don holds several industry certifications, including MCITP Enterprise, MCSE + Security, CISSP, CISA, CEH, CHFI, ECSA (EC-Council Security Analysis), LPT (Licensed Penetration Tester) and ACE (AccessData Certified Examiner).

Course outline



Auditing, Vulnerability, and Pen Testing

Auditing, Vulnerability Assessment, and Pen Test (24:44)
  • Introduction (00:35)
  • Auditing, Vulnerability Assessment, and Pentesting (08:22)
  • Audit, Vulnerability Assess, and Pen Test (cont'd) (02:55)
  • Why Penetration Testing is Important (05:04)
  • What Types of Things Should be Tested (07:27)
  • Summary (00:19)
Types and Phases of Penetration Testing (28:38)
  • Introduction (00:32)
  • Non-destructive, Destructive Penetration Testing (02:59)
  • Blue Team, Red Team Penetration Testing (05:39)
  • Black, White, and Grey Box Penetration Testing (02:29)
  • External, Internal Penetration Testing (07:41)
  • Penetration Testing Processes (01:52)
  • Pre-Attack Phase (02:36)
  • Attack Phase (02:05)
  • Post-Attack Phase (02:12)
  • Summary (00:28)

Methodologies, Guidelines, and Pen Test Results

Methodologies and Guidelines (38:32)
  • Introduction (00:28)
  • Methodologies of Penetration Testing (06:46)
  • Help Designing Your Methodology (04:17)
  • Demo: Open Source Testing Documents (03:22)
  • Demo: Open Source Report Documents (02:55)
  • Penetration Testing Guidelines, Documentation (05:19)
  • Penetration Testing Guidelines, Professionalism (11:11)
  • Penetration Testing Guidelines, Risks and Skills (03:34)
  • Summary (00:36)
Penetration Testing Results (33:11)
  • Introduction (00:33)
  • Penetration Testing Rules, Risks, and Behaviors (06:58)
  • Legal Issues (05:51)
  • Documents Needed for Penetration Testers (04:08)
  • Liability Concerns (02:36)
  • Rules of Engagement I (05:00)
  • Rules of Engagement II (03:49)
  • Demo: Documents Concerning Rules of Behavior (03:27)
  • Summary (00:44)