Course description
There are many ways and methodologies designed to analyze the information security needs of a corporation or government entity. One of the best ways to analyze the security posture of an organization is through penetration testing. Examine the fundamentals of penetration testing including limits (known as the Scope of Work), the several phases of PTests, and additional methodologies and guidelines. Additionally, the importance of information security auditing and vulnerability assessments will be discussed, as well as legal concerns and risks that may arise for both the penetration tester and the organization being tested.
Prerequisites
In order to maximize your learning experience when taking this course, the following prerequisites are highly recommended:
Security+ Certification, knowledge of CEH (Certified Ethical Hacker), knowledge of CHFI (Computer Hacking Forensic Investigator) and the CBK (Common Body of Knowledge) associated with the CISSP and CISA certifications are also very helpful.
Meet the expert
Don Bowers has been in the computer industry for over 36 years as a database programmer and an information systems and security analyst. Don’s primary focus over the last 10 years has been in the area of information security and digital forensics. Don currently serves as an Assistant Professor and the Program Chair for the Cybersecurity program at the College of Western Idaho. As well as being an associate professor, Don also holds the distinction of being a Certified EC-Council Instructor. Don holds several industry certifications, including MCITP Enterprise, MCSE + Security, CISSP, CISA, CEH, CHFI, ECSA (EC-Council Security Analysis), LPT (Licensed Penetration Tester) and ACE (AccessData Certified Examiner).
Course outline
Auditing, Vulnerability, and Pen Testing
Auditing Vulnerability Assessment and Pen Test (24:44)
- Introduction (00:35)
- Auditing, Vulnerability Assessment, and Pentesting (08:22)
- Audit, Vulnerability Assess, and Pen Test (cont'd) (02:55)
- Why Penetration Testing is Important (05:04)
- What Types of Things Should be Tested (07:27)
- Summary (00:19)
Types and Phases of Penetration Testing (28:38)
- Introduction (00:32)
- Non-destructive, Destructive Penetration Testing (02:59)
- Blue Team, Red Team Penetration Testing (05:39)
- Black, White, and Grey Box Penetration Testing (02:29)
- External, Internal Penetration Testing (07:41)
- Penetration Testing Processes (01:52)
- Pre-Attack Phase (02:36)
- Attack Phase (02:05)
- Post-Attack Phase (02:12)
- Summary (00:28)
Methodologies, Guidelines, and Pen Test Results
Methodologies and Guidelines (38:32)
- Introduction (00:28)
- Methodologies of Penetration Testing (06:46)
- Help Designing Your Methodology (04:17)
- Demo: Open Source Testing Documents (03:22)
- Demo: Open Source Report Documents (02:55)
- Penetration Testing Guidelines, Documentation (05:19)
- Penetration Testing Guidelines, Professionalism (11:11)
- Penetration Testing Guidelines, Risks and Skills (03:34)
- Summary (00:36)
Penetration Testing Results (33:11)
- Introduction (00:33)
- Penetration Testing Rules, Risks, and Behaviors (06:58)
- Legal Issues (05:51)
- Documents Needed for Penetration Testers (04:08)
- Liability Concerns (02:36)
- Rules of Engagement I (05:00)
- Rules of Engagement II (03:49)
- Demo: Documents Concerning Rules of Behavior (03:27)
- Summary (00:44)