Security Certifications. Presentatie SecCert 101 Jordy Kersten MSc., ISC2 Ass., CEH, OSCP

Size: px
Start display at page:

Download "Security Certifications. Presentatie SecCert 101 Jordy Kersten MSc., ISC2 Ass., CEH, OSCP"

Transcription

1 Security Certifications Presentatie SecCert 101 Jordy Kersten MSc., ISC2 Ass., CEH, OSCP

2 Wie ben ik? Jordy Kersten 26 jaar Communicatie Systemen HAN Arhnem Informatiekunde RU Nijmegen Security Consultant

3 Index SecCerts 101 Waarom? Certificaten Instituten Certificeringen Ervaringen ISC2 (CISSP) Eccouncil (CEH) Offensive Security (OSCP) Vragen/Discussie

4 Waarom? Kennis Geld Status Werk Plain old fun?

5 Media Top 10 Security Certifications CISSP 2. CISM 3. GIAC 4. CISA 5. CSFA 6. CEH 7. CBCP 8. CPP 9. CCE 10. Vendor Certifications (Cisco / Microsoft) Bron:

6 Media Top 5 Security Certifications CISSP 2. CEH 3. CISM 4. GIAC 5. Vendor Certifications Bron:

7 Expertise General (IT) Security Ethical Hacking / Pentesting Forensics

8 General Security Breed onderwerp Weinig diepgang Niet technisch

9 General Security Security+ Comptia NSA: Network Security Administrator ECCouncil SSCP: Systems Security Certified Practitioner ISC2 CISSP: Certified Information Systems Security Professional ISC2 CISM: Certified Information Security Manager ISACA CISA: Certified Information Systems Auditor ISACA

10 Hacking / Pentesting Specifiek onderwerp Veel diepgang (Zeer) Technisch

11 Hacking / Pentesting CEH: Certified Ethical Hacker ECCouncil ECSA: Certified Security Analyst ECCouncil LPT: Licensed Penetration Tester ECCouncil OSCP: Offensive Security Certified Professional OffSec OSCE: Offensive Security Certified Expert OffSec ECPPT: Certified Professional Penetration Testing elearnsecurity GSEC: SANS Security Essentials SANS GCIH: Hacker Techniques, Exploits, Incident Handling SANS GPEN: Network Penetration Testing/Ethical Hacking SANS

12 Forensics Zeer specifiek Veel diepgang Zowel technisch als niet technisch Techniek Wet en regelgeving

13 Forensics CHFI: Computer Hacking Forensic Investigator ECCouncil CCE: Certified Computer Examinar ISFCE

14 Instituten ISC2 Eccouncil elearnsecurity OffSec GIAC/SANS

15 Type certificaat (theoretisch/hands-on) Eisen (ervaring vakgebied, voorkennis) Stof (diepgaand of oppervlakkig) Examen (multiple choice/open)

16 ISC2 The International Information Systems Security Certification Consortium, Inc., (ISC)², is the global leader in educating and certifying information security professionals throughout their careers.

17 ISC2 - SSCP SSCP - Systems Security Certified Practitioner Type Eisen Stof Examen Pre-CISSP

18 ISC2 - SSCP Access Controls Cryptography Malicious Code and Activity Monitoring and Analysis Networks and Communications Risk, Response and Recovery Security Operations and Administration

19 ISC2 - CISSP CISSP - Certified Information Systems Security Professional Type Eisen Stof Examen MVP

20 ISC2 - CISSP Access Control Application Development Security Business Continuity and Disaster Recovery Planning Cryptography Information Security Governance and Risk Management Legal, Regulations, Investigations and Compliance Operations Security Physical (Environmental) Security Security Architecture and Design Telecommunications and Network Security

21 The International Council of E-Commerce Consultants (EC-Council) is a memberbased organization that certifies individuals in various e-business and information security skills.

22 ECcouncil - CEH CEH: Certified Ethical Hacker Type Eisen Stof Examen Must Have

23 ECcouncil - CEH Introduction to Ethical Hacking Footprinting and Reconnaissance Scanning Networks Enumeration System Hacking Trojans and Backdoors Viruses and Worms Sniffers Social Engineering Denial of Service Session Hijacking Hacking Webservers Hacking Web Applications SQL Injection Hacking Wireless Networks Evading IDS, Firewalls and Honeypots Buffer Overflows Cryptography Penetration Testing

24 ECcouncil LTP/ECSA ECSA: Eccouncil Certified Security Analyst Type Eisen Stof Examen Stop Talking, Start Doing

25 Experience the industry's most realistic training on penetration testing as taught by the Offensive Security Training team.

26 OffSec - OSCP OSCP: Offensive Security Certified Professional Type Eisen Stof Examen Become the Hacker

27 OffSec - OSCE OSCE: Offensive Security Certified Expert Type Eisen Stof Examen Best of the Best

28 The Global Information Assurance Certification (GIAC) was founded in 1999 to validate the real-world skills of IT security professionals.

29 GIAC - GWAPT GIAC Web Application Penetration Tester (GWAPT) Type Eisen Stof Examen 100% web apps

30 GIAC - GWAPT AJAX Application Flow Charting and Session Analysis Automated Web Application Vulnerability Scanners Client Authentication Cross Site Scripting Flash Java Applets Javascript for Pen Testers PHP Probing and Other Mapping Python Scripting Basics Recon Using Public Information Session Tracking and SSL Spidering SQL Injection The HTTP Protocol Understanding the Web Web App Pen Test Methodology and Reporting Web Application Vulnerabilities and Manual Verification Techniques Web Services XSS Frameworks and Attack Limiting

31 GIAC - GPEN GIAC (GPEN) Type Eisen Stof Examen CEH enemy

32 GIAC - GPEN Advanced Hash Manipulation Command Shell vs. Terminal Access Enumerating Users Exploitation Fundamentals Injection Attacks Legal Issues Metasploit Moving Files with Exploits Obtaining and Passing Password Representations Overview of Passwords Pen-testing Foundations Pen-testing Process Pen-Testing via the Command Line Profiling the Target Reconnaissance Scanning for Targets Using a Proxy to Attack a Web Application Vulnerability Scanning Wireless Crypto and Client Attacks Wireless Fundamentals

33 To impact our students career through the most advanced IT Security courses and the best elearning methodologies

34 ecppt elearnsecurity Certified Professional Penetration Tester Type Eisen Stof Examen Rookie cert (but good)

35 ecppt System Security Topics Introduction to system security and environment installation Understanding Polymorphism, Metamorphism and latest malware techniques Writing trojans and keyloggers (3 source code examples) Cryptographic attacks and password cracking Finding buffer overflows Exploiting buffer overflows (3 source code examples) Writing remote code execution for a real world Windows application Writing shellcodes (3 source code examples) How rootkits work Writing rootkits for windows (3 source code examples) Basics of Windows drivers development

36 ecppt Network Security Topics Information gathering on target organization Using DNS, Whois, Maltego to collect information Fingerprinting remote OS, services and devices Advanced port scanning with nmap and unicornscan Passive and Active Sniffing techniques and tools Man in the middle attacks Enumerating resources and hosts through NetBIOS and SNMP Vulnerability assessment with Nessus Exploiting with Metasploit Using covert techniques for 100% blackbox testing: proxies, socks, Tor Social Engineering - SET

37 ecppt Web Application Security Topics Introduction to Pentesting web applications Gathering information on target Enumerating resources: dirs, files, usernames Vulnerability Assessment through Nikto and Nessus Building XSS advanced attacks (real world examples) Attacking remote users through BeeF Dumping remote data through advanced SQL Injection (real world examples) Getting root through remote SQL injection Building a real world CSRF exploits against Joomla Exploiting RFI/LFI and server misconfigurations Attacking Web 2.0 and Ajax frameworks (real world examples) Google hacking

38 Vragen/Discussie

CEH Version8 Course Outline

CEH Version8 Course Outline CEH Version8 Course Outline Module 01: Introduction to Ethical Hacking Information Security Overview Information Security Threats and Attack Vectors Hacking Concepts Hacking Phases Types of Attacks Information

More information

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.

More information

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus National Cyber League Certified Ethical Hacker (CEH) TM Syllabus Note to Faculty This NCL Syllabus is intended as a supplement to courses that are based on the EC- Council Certified Ethical Hacker TM (CEHv8)

More information

CRYPTUS DIPLOMA IN IT SECURITY

CRYPTUS DIPLOMA IN IT SECURITY CRYPTUS DIPLOMA IN IT SECURITY 6 MONTHS OF TRAINING ON ETHICAL HACKING & INFORMATION SECURITY COURSE NAME: CRYPTUS 6 MONTHS DIPLOMA IN IT SECURITY Course Description This is the Ethical hacking & Information

More information

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access The Best First for Beginners who want to become Penetration Testers PTSv2 in pills: Self-paced, online, flexible access 900+ interactive slides and 3 hours of video material Interactive and guided learning

More information

[CEH]: Ethical Hacking and Countermeasures

[CEH]: Ethical Hacking and Countermeasures [CEH]: Ethical Hacking and Countermeasures Length Audience(s) Delivery Method : 5 days : This course will significantly benefit security officers, auditors, security professionals, site administrators,

More information

CYBERTRON NETWORK SOLUTIONS

CYBERTRON NETWORK SOLUTIONS CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified

More information

EC Council Certified Ethical Hacker V8

EC Council Certified Ethical Hacker V8 Course Code: ECCEH8 Vendor: Cyber Course Overview Duration: 5 RRP: 2,445 EC Council Certified Ethical Hacker V8 Overview This class will immerse the delegates into an interactive environment where they

More information

Certified Ethical Hacker (CEH)

Certified Ethical Hacker (CEH) Certified Ethical Hacker (CEH) Course Number: CEH Length: 5 Day(s) Certification Exam This course will help you prepare for the following exams: Exam 312 50: Certified Ethical Hacker Course Overview The

More information

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus National Cyber League Certified Ethical Hacker (CEH) TM Syllabus Note to Faculty This NCL Syllabus is intended as a supplement to courses that are based on the EC- Council Certified Ethical Hacker TM (CEHv8)

More information

Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. http://bechtsoudis.com abechtsoudis (at) ieee.

Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. http://bechtsoudis.com abechtsoudis (at) ieee. Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING Anestis Bechtsoudis http://bechtsoudis.com abechtsoudis (at) ieee.org Athena Summer School 2011 Course Goals Highlight modern

More information

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation

More information

CONTENTS AT A GMi#p. Chapter I Ethical Hacking Basics I Chapter 2 Cryptography. Chapter 3 Reconnaissance: Information Gathering for the Ethical Hacker

CONTENTS AT A GMi#p. Chapter I Ethical Hacking Basics I Chapter 2 Cryptography. Chapter 3 Reconnaissance: Information Gathering for the Ethical Hacker ALL ElNis ONE CEH Certified Ethical Hacker EXAM GUIDE Matt Walker Mc Grain/ New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto McGraw-Hill

More information

Course Title: Course Description: Course Key Objective: Fee & Duration:

Course Title: Course Description: Course Key Objective: Fee & Duration: Course Title: Course Description: This is the Ethical hacking & Information Security Diploma program. This 6 months Diploma Program provides you Penetration Testing in the various field of cyber world.

More information

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2) Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2) Course number: CFED Length: 5 days Certification Exam This course will help you prepare for the following exams: CCE --

More information

Security Testing. Vulnerability Assessment vs Penetration Testing. Gabriel Mihai Tanase, Director KPMG Romania. 29 October 2014

Security Testing. Vulnerability Assessment vs Penetration Testing. Gabriel Mihai Tanase, Director KPMG Romania. 29 October 2014 Security Testing Vulnerability Assessment vs Penetration Testing Gabriel Mihai Tanase, Director KPMG Romania 29 October 2014 Agenda What is? Vulnerability Assessment Penetration Testing Acting as Conclusion

More information

WEB APPLICATION FIREWALL

WEB APPLICATION FIREWALL WEB APPLICATION FIREWALL Sdn. Bhd. (1015448-T) A-5-10 Empire Tower SS16/1, Subang Jaya 47500, Selangor, Malaysia. Tel : +603 5021 8290 Fax : +603 5021 8291 Email : sales@kaapagamtech.com Web: http://www.kaapagamtech.com

More information

Professional Penetration Testing Techniques and Vulnerability Assessment ...

Professional Penetration Testing Techniques and Vulnerability Assessment ... Course Introduction Today Hackers are everywhere, if your corporate system connects to internet that means your system might be facing with hacker. This five days course Professional Vulnerability Assessment

More information

LINUX / INFORMATION SECURITY

LINUX / INFORMATION SECURITY LINUX / INFORMATION SECURITY CERTIFICATE IN LINUX SYSTEM ADMINISTRATION The Linux open source operating system offers a wide range of graphical and command line tools that can be used to implement a high-performance,

More information

Page: Designed & Executed By: Presents Cyber Security Training

Page: Designed & Executed By: Presents Cyber Security Training Page: 1 Designed & Executed By: TM S I v8 RAINNVESTIGATOR Cyber Security Training Presents T CCE TechBharat Certified Cyber Expert TechBharat Certified Cyber Expert EC-Council Computer Hacking Forensic

More information

Audience. Pre-Requisites

Audience. Pre-Requisites T R A N C H U L A S W O R K S H O P S A N D T R A I N I N G S Hands-On Penetration Testing Training Course About Tranchulas Tranchulas is a multinational information security company having its offices

More information

Vulnerability Assessment and Penetration Testing

Vulnerability Assessment and Penetration Testing Vulnerability Assessment and Penetration Testing Module 1: Vulnerability Assessment & Penetration Testing: Introduction 1.1 Brief Introduction of Linux 1.2 About Vulnerability Assessment and Penetration

More information

Penetration Testing with Kali Linux

Penetration Testing with Kali Linux Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or

More information

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

If you know the enemy and know yourself, you need not fear the result of a hundred battles. Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC Principal Consultant, WaveFront Consulting Group ruiper@wavefrontcg.com 1 (604) 961-0701 If you know the enemy and know yourself, you

More information

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses

More information

Penetration Testing in Romania

Penetration Testing in Romania Penetration Testing in Romania Adrian Furtunǎ, Ph.D. 11 October 2011 Romanian IT&C Security Forum Agenda About penetration testing Examples Q & A 2 What is penetration testing? Method for evaluating the

More information

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. Ethical Hacking and Countermeasures Course Description: This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.

More information

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led Course Description This class will immerse the student into an interactive environment where they will

More information

EC-Council. Certified Ethical Hacker. Program Brochure

EC-Council. Certified Ethical Hacker. Program Brochure EC-Council C Certified E Ethical Hacker Program Brochure Course Description The (CEH) program is the core of the most desired information security training system any information security professional

More information

Venue. Dates. Certified Ethical Hacker (CEH) boot camp. Inovatec College. Nairobi Kenya (exact hotel name to be confirmed

Venue. Dates. Certified Ethical Hacker (CEH) boot camp. Inovatec College. Nairobi Kenya (exact hotel name to be confirmed Venue Nairobi Kenya (exact hotel name to be confirmed before course) Dates March 31, 2014 April 4, 2014 Inovatec College Certified Ethical Hacker (CEH) boot camp The Certified Ethical Hacker (CEH) Certification

More information

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur Demystifying Penetration Testing for the Enterprise Presented by Pravesh Gaonjur Pravesh Gaonjur Founder and Executive Director of TYLERS Information Security Consultant Certified Ethical Hacker (CEHv8Beta)

More information

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting Chapter 1 1. Introducing Penetration Testing 1.1 What is penetration testing 1.2 Different types of test 1.2.1 External Tests

More information

Ethical Hacking Course Layout

Ethical Hacking Course Layout Ethical Hacking Course Layout Introduction to Ethical Hacking o What is Information Security? o Problems faced by the Corporate World o Why Corporate needs Information Security? Who is a Hacker? o Type

More information

SONDRA SCHNEIDER JOHN NUNES

SONDRA SCHNEIDER JOHN NUNES TECHNOLOGY TRANSFER PRESENTS SONDRA SCHNEIDER JOHN NUNES CERTIFIED ETHICAL HACKER TM THE ONLY WAY TO STOP A HACKER IS TO THINK LIKE ONE MAY 21-25, 2007 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME

More information

FSP-201: Ethical Hacking & IT Security

FSP-201: Ethical Hacking & IT Security FSP-201: Ethical Hacking & IT Security Session 2015-16 OVERVIEW ABOUT SIFS INDIA COURSE INTRODUCTION ENTRY REQUIREMENTS HOW TO APPLY FEE STRUCTURE COURSE MODULES CAREER PROSPECTS LIBRARY TRAINING & INTERNSHIP

More information

EC-Council Certified Security Analyst (ECSA)

EC-Council Certified Security Analyst (ECSA) EC-Council Certified Security Analyst (ECSA) v8 Eğitim Tipi ve Süresi: 5 Days VILT 5 Day VILT EC-Council Certified Security Analyst (ECSA) v8 Learn penetration testing methodologies while preparing for

More information

Certification and Training

Certification and Training Certification and Training CSE 4471: Information Security Instructor: Adam C. Champion Autumn Semester 2013 Based on slides by a former student (CSE 551) Outline Organizational information security personnel

More information

KEVIN CARDWELL. Q/SA (Qualified Security Analyst) Penetration Tester. & Optional Q/PTL (Qualified Penetration Licence) Workshop

KEVIN CARDWELL. Q/SA (Qualified Security Analyst) Penetration Tester. & Optional Q/PTL (Qualified Penetration Licence) Workshop TECHNOLOGY TRANSFER PRESENTS KEVIN CARDWELL Q/SA (Qualified Security Analyst) Penetration Tester & Optional Q/PTL (Qualified Penetration Licence) Workshop MAY 18-22, 2009 VISCONTI PALACE HOTEL - VIA FEDERICO

More information

Learn Ethical Hacking, Become a Pentester

Learn Ethical Hacking, Become a Pentester Learn Ethical Hacking, Become a Pentester Course Syllabus & Certification Program DOCUMENT CLASSIFICATION: PUBLIC Copyrighted Material No part of this publication, in whole or in part, may be reproduced,

More information

Detailed Description about course module wise:

Detailed Description about course module wise: Detailed Description about course module wise: Module 1: Basics of Networking and Major Protocols 1.1 Networks and its Types. 1.2 Network Topologies 1.3 Major Protocols and their Functions 1.4 OSI Reference

More information

McAfee Certified Assessment Specialist Network

McAfee Certified Assessment Specialist Network McAfee Certified Assessment Specialist Network Exam preparation guide Table of Contents Introduction 3 Becoming McAfee Certified 3 Exam Details 4 Recommended Exam Preparation 4 Exam Objectives 4 Sample

More information

Course Content: Session 1. Ethics & Hacking

Course Content: Session 1. Ethics & Hacking Course Content: Session 1 Ethics & Hacking Hacking history : How it all begin Why is security needed? What is ethical hacking? Ethical Hacker Vs Malicious hacker Types of Hackers Building an approach for

More information

(WAPT) Web Application Penetration Testing

(WAPT) Web Application Penetration Testing (WAPT) Web Application Penetration Testing Module 0: Introduction 1. Introduction to the course. 2. How to get most out of the course 3. Resources you will need for the course 4. What is WAPT? Module 1:

More information

Conducting a Penetration Test/Vulnerability Analysis to Improve an Organization s Information Security Posture

Conducting a Penetration Test/Vulnerability Analysis to Improve an Organization s Information Security Posture 9891 Broken Land Parkway, Suite 100 Columbia, Maryland 21046 443.517.1110 Conducting a Penetration Test/Vulnerability Analysis to Improve an Organization s Information Security Posture Margaret ( Rhette)

More information

Certified Cyber Security Expert V 2.0 + Web Application Development

Certified Cyber Security Expert V 2.0 + Web Application Development Summer Training Program Certified Cyber Security Expert V + Web Application Development A] Training Sessions Schedule: Modules Ethical Hacking & Information Security Particulars Duration (hours) Ethical

More information

PENETRATION TEST & SECURITY STANDARDS

PENETRATION TEST & SECURITY STANDARDS 1NTT COM SECURITY (FORMELY INTEGRALIS) PENETRATION TEST & SECURITY STANDARDS SCOTT TSE (MPHIL, CISSP, CISM, CEH) WISHLOG@GMAIL.COM INTRODUCTION ABOUT SCOTT TSE Identify 0-day attack on web mail used by

More information

Cybercrime & Cybersecurity: the Ongoing Battle International Hellenic University

Cybercrime & Cybersecurity: the Ongoing Battle International Hellenic University Cybercrime & Cybersecurity: the Ongoing Battle International Hellenic University Andreas Athanasoulias, CISM, CISSP Information Security Officer & Security Consultant Brief introduction My career path

More information

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles PNNL-24138 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles March 2015 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton PK Pusey Prepared for the

More information

Bust a cap in a web app with OWASP ZAP

Bust a cap in a web app with OWASP ZAP The OWASP Foundation http://www.owasp.org Bust a cap in a web app with OWASP ZAP Adrien de Beaupré GSEC, GCIH, GPEN, GWAPT, GCIA, GXPN ZAP Evangelist Intru-Shun.ca Inc. SANS Instructor, Penetration Tester,

More information

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

ITEC441- IS Security. Chapter 15 Performing a Penetration Test 1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and

More information

Hackers are here. Where are you?

Hackers are here. Where are you? 1 2 What is EC-Council Certified Security Analyst Licensed Penetration Tester Program You are an ethical hacker. Your last name is Pwned. You dream about enumeration and you can scan networks in your sleep.

More information

Conducting Web Application Pentests. From Scoping to Report For Education Purposes Only

Conducting Web Application Pentests. From Scoping to Report For Education Purposes Only Conducting Web Application Pentests From Scoping to Report For Education Purposes Only Web App Pen Tests According to OWASP: A Web Application Penetration Test focuses only on evaluating the security of

More information

Vinny Hoxha Vinny Hoxha 12/08/2009

Vinny Hoxha Vinny Hoxha 12/08/2009 Ethical Hacking and Penetration Testing Vinny Hoxha Vinny Hoxha 12/08/2009 What is Ethical Hacking? Types of Attacks Testing Approach Vulnerability Assessments vs. Penetration Testing Testing Methodology

More information

EC-Council. Program Brochure. EC-Council. Page 1

EC-Council. Program Brochure. EC-Council. Page 1 Program Brochure Page 1 Certified Ethical Hacker Version 7 Revolutionary Product releases the most advanced ethical hacking program in the world. This much anticipated version was designed by hackers and

More information

Summer Training Program 2014. CCSE V3.0 Certified Cyber Security Expert Version 3.0

Summer Training Program 2014. CCSE V3.0 Certified Cyber Security Expert Version 3.0 Summer Training Program 2014 CCSE V3.0 Certified Cyber Security Expert Version 3.0 TechD Facts Incorporated in November 2009 Trained more than 40000 students, conducted 400 Workshops Including all IITs,

More information

Field of Study Area of Expertise Certification Vendor Course

Field of Study Area of Expertise Certification Vendor Course Field of Study Area of Expertise Certification Vendor Course Advanced Security Certified Information Systems Security Professional (CISSP) ISC2 CISSP Advanced Security CompTIA Advanced Security Practitioner

More information

EC-Council C E. Hacking Technology. v8 Certified Ethical Hacker

EC-Council C E. Hacking Technology. v8 Certified Ethical Hacker EC-Council Hacking Technology C Certified E Ethical Hacker Certified Ethical Hacker v8 Certified Ethical Hacker Course Description CEHv8 is a comprehensive Ethical Hacking and Information Systems Security

More information

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST. CENTER FOR ADVANCED SECURITY TRAINING 619 Advanced SQLi Attacks and Countermeasures Make The Difference About Center of Advanced Security Training () The rapidly evolving information security landscape

More information

Web application testing

Web application testing CL-WTS Web application testing Classroom 2 days Testing plays a very important role in ensuring security and robustness of web applications. Various approaches from high level auditing through penetration

More information

FedVTE Training Catalog SPRING 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

FedVTE Training Catalog SPRING 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov FedVTE Training Catalog SPRING 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov If you need any assistance please contact the FedVTE Help Desk here or email the

More information

Demystifying Penetration Testing

Demystifying Penetration Testing Demystifying Penetration Testing Prepared by Debasis Mohanty www.hackingspirits.com E-Mail: debasis_mty@yahoo.com Goals Of This Presentation An overview of how Vulnerability Assessment (VA) & Penetration

More information

InfoSec Academy Application & Secure Code Track

InfoSec Academy Application & Secure Code Track Fundamental Courses Foundational Courses InfoSec Academy Specialized Courses Advanced Courses Certification Preparation Courses Certified Information Systems Security Professional (CISSP) Texas Security

More information

INFORMATION SECURITY TRAINING

INFORMATION SECURITY TRAINING INFORMATION SECURITY TRAINING Course Duration: 45 days Pre-Requisite: Basic Knowledge of Internet Course Content Course Fee: 15,000 ( Online Examination Fee, Books, Certification, Tools & Software's Included

More information

Understanding Security Testing

Understanding Security Testing Understanding Security Testing Choosing between vulnerability assessments and penetration testing need not be confusing or onerous. Arian Eigen Heald, M.A., Ms.IA., CNE, CISA, CISSP I. Introduction Many

More information

CH EHC EC-Council Ethical Hacking and Countermeasures [v.9]

CH EHC EC-Council Ethical Hacking and Countermeasures [v.9] CH EHC EC-Council Ethical Hacking and [v.9] Summary Duration Vendor Audience 5 Days hands-on training EC-Council Security Professionals Level Technology Category Intermediate Ethical Hacking Core Delivery

More information

Summer Training Program 2016. CCSE V3.0 Certified Cyber Security Expert Version 3.0

Summer Training Program 2016. CCSE V3.0 Certified Cyber Security Expert Version 3.0 Summer Training Program 2016 CCSE V3.0 Certified Cyber Security Expert Version 3.0 TechD Facts Incorporated in November 2009 Trained more than 50,000 students, conducted 400 Workshops Including all IITs,

More information

FedVTE Training Catalog SUMMER 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

FedVTE Training Catalog SUMMER 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov FedVTE Training Catalog SUMMER 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov Access FedVTE online at: fedvte.usalearning.gov If you need any assistance please

More information

Application Security Testing

Application Security Testing Tstsec - Version: 1 09 July 2016 Application Security Testing Application Security Testing Tstsec - Version: 1 4 days Course Description: We are living in a world of data and communication, in which the

More information

MatriXay WEB Application Vulnerability Scanner V 5.0. 1. Overview. (DAS- WEBScan ) - - - - - The best WEB application assessment tool

MatriXay WEB Application Vulnerability Scanner V 5.0. 1. Overview. (DAS- WEBScan ) - - - - - The best WEB application assessment tool MatriXay DAS-WEBScan MatriXay WEB Application Vulnerability Scanner V 5.0 (DAS- WEBScan ) - - - - - The best WEB application assessment tool 1. Overview MatriXay DAS- Webscan is a specific application

More information

Web Application Penetration Testing

Web Application Penetration Testing Web Application Penetration Testing 2010 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. Will Bechtel William.Bechtel@att.com

More information

Course Outline: Certified Ethical Hacker v8. Learning Method: Instructor-led Classroom Learning

Course Outline: Certified Ethical Hacker v8. Learning Method: Instructor-led Classroom Learning Course Outline: Certified Ethical Hacker v8 Learning Method: Instructor-led Classroom Learning Duration: 5.00 Day(s)/ 35 hrs Overview: This class will immerse the students into an interactive environment

More information

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability WWW Based upon HTTP and HTML Runs in TCP s application layer Runs on top of the Internet Used to exchange

More information

HACKING RELOADED. Hacken IS simple! Christian H. Gresser cgresser@nesec.de

HACKING RELOADED. Hacken IS simple! Christian H. Gresser cgresser@nesec.de HACKING RELOADED Hacken IS simple! Christian H. Gresser cgresser@nesec.de Agenda About NESEC IT-Security and control Systems Hacking is easy A short example where we currently are Possible solutions IT-security

More information

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org

More information

The Top Web Application Attacks: Are you vulnerable?

The Top Web Application Attacks: Are you vulnerable? QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding

More information

The International Certification in IT Security Training Program. fcch. foresec certified computer hacking

The International Certification in IT Security Training Program. fcch. foresec certified computer hacking The International Certification in IT Security Training Program fcch foresec certified computer hacking BACKGROUND Information Technology Security is important thing to your business because you re financial

More information

Course Duration: 80Hrs. Course Fee: INR 7000 + 1999 (Certification Lab Exam Cost 2 Attempts)

Course Duration: 80Hrs. Course Fee: INR 7000 + 1999 (Certification Lab Exam Cost 2 Attempts) Course Duration: 80Hrs. Course Fee: INR 7000 + 1999 (Certification Lab Exam Cost 2 Attempts) Course Module: 1. Introduction to Ethical Hacking 2. Footprinting a. SAM Spade b. Nslookup c. Nmap d. Traceroute

More information

InfoSec Academy Pen Testing & Hacking Track

InfoSec Academy Pen Testing & Hacking Track Fundamental Courses Foundational Courses InfoSec Academy Specialized Courses Advanced Courses Certification Preparation Courses Certified Information Systems Security Professional (CISSP) Texas Security

More information

Higher National Unit specification: general information

Higher National Unit specification: general information Higher National Unit specification: general information Unit code: H17V 34 Superclass: CB Publication date: March 2012 Source: Scottish Qualifications Authority Version: 01 Unit purpose This Unit is designed

More information

Computer Forensics and Security Institute

Computer Forensics and Security Institute Computer Forensics and Security Institute Course Brochure 2015 www.cfsi.co #3 De Verteuil Terrace, Endeavour Road, Chaguanas, Trinidad, West Indies. Email: info@cfsi.co Tel: 1-868-684-0029 Find us on Facebook:

More information

Build Your Own Security Lab

Build Your Own Security Lab Build Your Own Security Lab A Field Guide for Network Testing Michael Gregg WILEY Wiley Publishing, Inc. Contents Acknowledgments Introduction XXI xxiii Chapter 1 Hardware and Gear Why Build a Lab? Hackers

More information

Web Application Vulnerability Testing with Nessus

Web Application Vulnerability Testing with Nessus The OWASP Foundation http://www.owasp.org Web Application Vulnerability Testing with Nessus Rïk A. Jones, CISSP rikjones@computer.org Rïk A. Jones Web developer since 1995 (16+ years) Involved with information

More information

Web Application Security

Web Application Security E-SPIN PROFESSIONAL BOOK Vulnerability Management Web Application Security ALL THE PRACTICAL KNOW HOW AND HOW TO RELATED TO THE SUBJECT MATTERS. COMBATING THE WEB VULNERABILITY THREAT Editor s Summary

More information

June 2014 WMLUG Meeting Kali Linux

June 2014 WMLUG Meeting Kali Linux June 2014 WMLUG Meeting Kali Linux "the quieter you become, the more you are able to hear" Patrick TenHoopen Kali Linux Kali Linux is a free and open source penetration testing Linux distribution designed

More information

Course and Service Portfolio Specialized IT courses for IT professional and organizations willing to take benefit from the competitive advantages

Course and Service Portfolio Specialized IT courses for IT professional and organizations willing to take benefit from the competitive advantages Course and Service Portfolio Specialized IT courses for IT professional and organizations willing to take benefit from the competitive advantages provided by international certifications Cyber & IT Governance

More information

Ethical Hacking and Countermeasures 5.0 Course ECEH5.0 5 Days COURSE OVERVIEW AUDIENCE OBJECTIVES OUTLINE

Ethical Hacking and Countermeasures 5.0 Course ECEH5.0 5 Days COURSE OVERVIEW AUDIENCE OBJECTIVES OUTLINE COURSE OVERVIEW This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each

More information

ETHICAL HACKING. By REAL TIME FACULTY

ETHICAL HACKING. By REAL TIME FACULTY w w ẉ s u n m ar s ṣ n et ETHICAL HACKING Duration : 1 Month Timings : 4.30 p.m. to 6.00 p.m. By REAL TIME FACULTY # 407, 4 th Floor, New HUDA MYTHRI VIHAR, Beside Aditya Trade Centre, Ameerpet, Hyd. -

More information

Hackers are here. Where are you?

Hackers are here. Where are you? 1 2 What is EC-Council Certified Security Analyst Licensed Penetration Tester Program You are an ethical hacker. Your last name is Pwned. You dream about enumeration and you can scan networks in your sleep.

More information

EC-Council Certified Security Analyst / License Penetration Tester (ECSA/LPT) v4.0 Bootcamp

EC-Council Certified Security Analyst / License Penetration Tester (ECSA/LPT) v4.0 Bootcamp EC-Council Certified Security Analyst / License Penetration Tester (ECSA/LPT) v4.0 Bootcamp ECSA/LPT is a security class like no other! Providing real world hands on experience, it is the only in-depth

More information

A Network Administrator s Guide to Web App Security

A Network Administrator s Guide to Web App Security A Network Administrator s Guide to Web App Security Speaker: Orion Cassetto, Product Marketing Manager, Incapsula Moderator: Rich Nass, OpenSystems Media Agenda Housekeeping Presentation Questions and

More information

Penetration testing & Ethical Hacking. Security Week 2014

Penetration testing & Ethical Hacking. Security Week 2014 Penetration testing & Ethical Hacking Security Week 2014 Agenda Penetration Testing Vulnerability Scanning Social engineering Security Services offered by Endava 2 3 Who I am Catanoi Maxim Information

More information

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST Performed Between Testing start date and end date By SSL247 Limited SSL247 Limited 63, Lisson Street Marylebone London

More information

Web App Security Audit Services

Web App Security Audit Services locuz.com Professional Services Web App Security Audit Services The unsecured world today Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System

More information

Web Applications The Hacker s New Target

Web Applications The Hacker s New Target Web Applications The Hacker s New Target Ross Tang IBM Rational Software An IBM Proof of Technology Hacking 102: Integrating Web Application Security Testing into Development 1 Are you phished? http://www.myfoxny.com/dpp/your_money/consumer/090304_facebook_security_breaches

More information

FORBIDDEN - Ethical Hacking Workshop Duration

FORBIDDEN - Ethical Hacking Workshop Duration Workshop Course Module FORBIDDEN - Ethical Hacking Workshop Duration Lecture and Demonstration : 15 Hours Security Challenge : 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once

More information

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours Ethical Hacking and Information Security Duration Detailed Module Foundation of Information Security Lecture with Hands On Session: 90 Hours Elements of Information Security Introduction As technology

More information

Using Nessus In Web Application Vulnerability Assessments

Using Nessus In Web Application Vulnerability Assessments Using Nessus In Web Application Vulnerability Assessments Paul Asadoorian Product Evangelist Tenable Network Security pasadoorian@tenablesecurity.com About Tenable Nessus vulnerability scanner, ProfessionalFeed

More information

Cybersecurity Foundations

Cybersecurity Foundations Cybersecurity Foundations Course Number: 13198 Category: Technical Applications Duration: 5 Days Overview When you consider just a few of the consequences of a security breach - your proprietary information

More information

FedVTE Course Library

FedVTE Course Library FedVTE Course Library Advanced PCAP Analysis and Signature Dev 1 Hour... 3 Artifact Analysis 1 Hour... 3 Basic Network Traffic Analysis 5 Hours... 3 CCNA Security 34 Hours... 4 Centaur SiLK Traffic Analysis

More information

Information Security Principles and Practices

Information Security Principles and Practices Information Security Principles and Practices by Mark Merkow and Jim Breithaupt Chapter 3: Certification Programs and the Common Body of Knowledge Certification & Information Security Industry standards,

More information