Course Title: Penetration Testing: Network Threat Testing, 1st Edition

Transcription

1 Course Title: Penetration Testing: Network Threat Testing, 1st Edition Page 1 of 6

2 Course Description: The Security Analyst Series from EC-Council Press is comprised of five books covering a broad base of topics in advanced penetration testing and information security analysis. The content of this program is designed to expose the reader to groundbreaking methodologies in conducting thorough information security analysis, as well as advanced penetration testing techniques. Armed with the knowledge from the Security Analyst series, along with proper experience, readers will be able to perform the intensive assessments required to effectively identify and mitigate risks to the security of the organization's infrastructure. PENETRATION TESTING: NETWORK THREAT TESTING coverage includes penetration testing of denial of service, password cracking, applications, database, viruses and Trojans, log management, data leakage and file integrity. Certificate Info Penetration Testing: Network Threat Testing Who Should Attend? This course will significantly benefit Network administrators, Firewall Administrators, Security Testers, System Administrators and Risk Assessment professionals. Course Duration: 2 days (9:00 5:00) CPE/ECE Qualification 16 ECE Credits awarded for attendance (1 for each classroom hour) Suggested Retail: $799 USD Page 2 of 6

3 Required Courseware: Visit and click on Training Workshops for ordering details. What s included? Physical Courseware 1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate Course + Supplement Cost: See the Training Workshops section at for current pricing information. Related Certificates: Penetration Testing: Security Analysis Penetration Testing: Network and Perimeter Testing Penetration Testing: Communication Media Testing Penetration Testing: Procedures & Methodologies Page 3 of 6

4 1. Denial-Of-Service Penetration Testing Course Briefing: This module explains that the purpose of performing a DoS attack is to bring down the performance of a website. It explains that the DoS attack and DDoS are similar attacks. The difference is that DDoS is a distributed attack, wherein the attack is launched from various unsuspected sources. A look at the DoS attacks, its effects, attacker s strategy, stability, performance and penetration testing. 2. Password-Cracking Penetration Testing This module explains that Passwords protect computer resources and files from unauthorized access by malicious users and how companies use a combination of passwords and user IDs to protect their resources against intrusions by hackers and thieves. The tool that simplifies migration synchronization of that system, SAMDUMP is also explained. 3. Application Penetration Testing In software engineering, a web application is an application delivered to users from a web server over a network such as the World Wide Web or an intranet. Web applications are popular due to the ubiquity of the web browser as a client, sometimes called a thin client. Application testing involves meticulously testing an application under certain conditions to check for vulnerabilities in the code. The module discusses various steps in the penetration testing of web applications and the tools that are useful for the same. 4. Database Penetration Testing The module discusses the various steps in database penetration testing including using SQL plus to enumerate system tables, MySQL Server database testing, and Port Scan UDP/TCP Ports (TCP/UDP). The module also discusses various tools that can be used for dictionary attacks aimed at cracking database login details. 5. Virus and Trojan Detection The module discusses the steps to be followed for detecting Trojans and viruses in the system, and lists various spyware detectors, anti-trojans, and antivirus software. 6. Log Management Penetration Testing Security software logs are the logs that provide the record of instances of security software. Few of the security software are antimalware software, Intrusion detection and prevention systems, remote access software, web proxies, vulnerability management software, authentication servers, network quarantine servers, routers, firewalls, etc. The module discusses the need for log management, challenges in log management, the steps for log management penetration testing, and lists guidelines for secure log management. 7. File Integrity Checking This module familiarizes File integrity, which verifies if the file is same as the original file and if there are any modifications in the file. It explains about Faulty storage media, Transmission error, Cyclic Page 4 of 6

5 Redundancy Check (CRC) function takes input data stream of any length and produces an output value of a certain fixed size, Hash-based verification and tools such as md5sum and PasswordZilla. 8. Data Leakage Penetration Testing Confidential data of the organization includes important information about the company, its clients, products, planning of new product, and its partners. An organization needs to perform data leakage penetration testing to protect its confidential data from malicious users. The module explains how data can be leaked, steps for data leakage penetration testing, discusses data privacy and protection acts, and various data protection tools Course Outline: Chapter 1: Denial-Of-Service Penetration Testing Introduction to Denial-Of-Service Penetration Testing Distributed Denial-Of-Service Attack Conducting a Denial-Of-Service Penetration Test Web Testing Tools Java Test Tools Java Development Tools Chapter 2: Password-Cracking Penetration Testing Introduction to Password-Cracking Penetration Testing Password-Cracking Techniques Types of Password-Cracking Attacks Steps in Password-Cracking Penetration Testing Tools Chapter 3: Application Penetration Testing Introduction to Application Penetration Testing Defects Requirements and Design Testing Web Application Penetration Testing Application-Testing Tools Chapter 4: Database Penetration Testing Introduction to Database Penetration Testing Port Scanning Page 5 of 6

6 Database Penetration Testing Steps Chapter 5: Virus and Trojan Detection Introduction to Virus and Trojan Detection Using connection and port information to detect Trojans Using process information to detect Trojans Detecting boot-sector viruses Enumerating the different tools used to detect viruses and Trojans Chapter 6: Log Management Penetration Testing Introduction to Log Management Penetration Testing Log File Overview The Need for Log Management Steps for Log Management Penetration Testing Checklist for Secure Log Management Chapter 7: File Integrity Checking Introduction to File Integrity Checking File Integrity Overview Integrity-Checking Techniques File Integrity-Checking Tools Chapter 8: Data Leakage Penetration Testing Introduction to Data Leakage Penetration Testing Points of Data Leakage Sensitive Data Steps for Data Leakage Penetration Testing Data Privacy and Protection Acts Data Protection Tools Page 6 of 6