Course Title Penetration Testing: Procedures & Methodologies



Similar documents
Course Title: Penetration Testing: Network & Perimeter Testing

Course Title: Penetration Testing: Communication Media Testing, 1st Edition

Course Title: Penetration Testing: Network Threat Testing, 1st Edition

Course Title: Penetration Testing: Security Analysis

Course Title: Disaster Recovery, 1st Edition

EC-Council Certified Security Analyst / License Penetration Tester (ECSA/LPT) v4.0 Bootcamp

Course Title: Virtualization Security, 1st Edition

Payment Card Industry (PCI) Penetration Testing Standard

Course Title: Computer Forensic Specialist: Data and Image Files

New Zealand Company Six full time technical staff Offices in Auckland and Wellington

Security-as-a-Service (Sec-aaS) Framework. Service Introduction

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

PENETRATION TESTING GUIDE. 1

Network Defense Specialist. Course Title: Network Defense Specialist: Securing and Troubleshooting Network Operating Systems

Training Course ECSA/LPT

EC-Council C E. Hacking Technology. v8 Certified Ethical Hacker

Cyber Defense Operations Graduate Certificate

What is Penetration Testing?

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

elearning for Secure Application Development

Penetration Testing Scope Factors

Hackers are here. Where are you?

EC-Council Certified Security Analyst (ECSA)

IBM Managed Security Services Vulnerability Scanning:

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

Professional Penetration Testing Techniques and Vulnerability Assessment ...

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

Network Detective. HIPAA Compliance Module RapidFire Tools, Inc. All rights reserved V

ASL IT SECURITY XTREME XPLOIT DEVELOPMENT

Simple Steps to Securing Your SSL VPN

A Study on the Security aspects of Network System Using Penetration Testing

Checklist for Vulnerability Assessment

Complete Web Application Security. Phase1-Building Web Application Security into Your Development Process

Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;!

NYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services

Leader Dogs for the Blind 1039 South Rochester Road Rochester Hills, MI 48307

G- Cloud Specialist Cloud Services. Security and Penetration Testing. Overview

Hackers are here. Where are you?

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Intel Security Certified Product Specialist Security Information Event Management (SIEM)

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

Certified Ethical Hacker (CEH)

GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT

Penetration Testing //Vulnerability Assessment //Remedy

Vulnerability Assessment and Penetration Testing

Cisco Security Optimization Service

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION

Certified Ethical Hacker Exam Version Comparison. Version Comparison

A New Era. A New Edge. Phishing within your company

Database Auditing: Best Practices. Rob Barnes, CISA Director of Security, Risk and Compliance Operations

IBM Security QRadar Vulnerability Manager

Information Security Services

Anatomy of an ethical penetration test

National Cybersecurity Assessment and Technical Services: Capability Brief. Presented by: Sean McAfee Updated: May 5, 2014

Information Technology Security Review April 16, 2012

Microsoft Baseline Security Analyzer (MBSA)

IDS and Penetration Testing Lab ISA656 (Attacker)

developing your potential Cyber Security Training

ensuring security the way how we do it

ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement... 2

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

White Paper. Information Security -- Network Assessment

White Paper. Automating Your Code Review: Moving to a SaaS Model for Application Security

Access FedVTE online at: fedvte.usalearning.gov

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

IDS and Penetration Testing Lab ISA 674

Open Source Toolkit. Penetration Tester's. Jeremy Faircloth. Third Edition. Fryer, Neil. Technical Editor SYNGRESS. Syngrcss is an imprint of Elsevier

WHITEPAPER. Nessus Exploit Integration

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

PENTEST. Pentest Services. VoIP & Web.

Cyber Security Management

How Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER

Extreme Networks Security Analytics G2 Vulnerability Manager

Telecom Testing and Security Certification. A.K.MITTAL DDG (TTSC) Department of Telecommunication Ministry of Communication & IT

CloudCheck Compliance Certification Program

Pen Testing Methodology Gueststealer TomCat Zero Day Directory Traversal VASTO

Penetration Testing. Presented by

NEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015

Learn Ethical Hacking, Become a Pentester

PKF Avant Edge. Penetration Testing. Stevie Heong CISSP, CISA, CISM, CGEIT, CCNP

Web application security: automated scanning versus manual penetration testing.

[CEH]: Ethical Hacking and Countermeasures

60467 Project 1. Net Vulnerabilities scans and attacks. Chun Li

2011 Forrester Research, Inc. Reproduction Prohibited

IBM Global Technology Services Statement of Work. for. IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing

Continuous Penetration Testing

Networking for Caribbean Development

Metasploit Beginners

Vulnerability Scanning & Management

Application Security in the Software Development Lifecycle

Analyze. Secure. Defend. Do you hold ECSA credential?

Transcription:

Course Title Penetration Testing: Procedures & Methodologies Page 1 of 9

Course Description: The Security Analyst Series from EC-Council Press is comprised of five books covering a broad base of topics in advanced penetration testing and information security analysis. The content of this program is designed to expose the reader to groundbreaking methodologies in conducting thorough information security analysis, as well as advanced penetration testing techniques. Armed with the knowledge from the Security Analyst series, along with proper experience, readers will be able to perform the intensive assessments required to effectively identify and mitigate risks to the security of the organization's infrastructure. This book discusses the various penetration testing techniques, strategies, planning, scheduling, and also frames a guideline that a penetration tester can adopt while performing a penetration test. This book also discusses the various test agreements that depict the outline of the test being performed. Who Should Attend? Certificate Info Penetration Testing: Procedures & Methodologies This course will significantly benefit Network server administrators, Firewall Administrators, Security Testers, System Administrators, Risk Assessment professionals, and anyone who is interested in penetration testing and information security analysis. Course Duration: 2 days (9:00 5:00) CPE/ECE Qualification 16 ECE Credits awarded for attendance (1 for each classroom hour) Suggested Retail: $799 USD Page 2 of 9

Page 3 of 9

Required Courseware: Visit www.cengage.com/community/eccouncil and click on Training Workshops for ordering details. What s included? Physical Courseware 1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate Course + Supplement Cost: See the Training Workshops section at www.cengage.com/community/eccouncil for current pricing information. Related Certificates: Penetration Testing: Security Analysis Penetration Testing: Communication Media Testing Penetration Testing: Network Threat Testing Penetration Testing: Network & Perimeter Testing Course Briefing: 1. Penetration-Testing Methodologies Penetration testing goes a step ahead of vulnerability scanning in security assessment. Unlike vulnerability scanning which examines the security of individual computers, network devices, or applications, penetration testing assesses the security model of the network as a whole. This module discusses in detail about the need of penetration testing, common penetration testing techniques and frames a guideline that a penetration tester can adopt while performing a penetration test. The module discusses various penetration testing methods and strategies for penetration testing. 2. Customers and Legal Agreements Various customer requirements need to be identified and the objectives of the penetration test should be developed in relevance to those requirements. Rules of Behavior is a test agreement that depicts the outline of the test being performed. It explains in detail the internal and external aspects surrounding the testing procedure. Before the test is performed, authorized representatives from both the parties have to sign this agreement. Page 4 of 9

This module deals with various legal agreements of penetration testing, the need for penetration testing, stages of penetration testing, customer requirements, rules of behavior, and risks associated with penetration testing. 3. Duties of a Licensed Penetration Tester Rules of Engagement is the formal permission to conduct a pen-test. It provides certain rights and restriction to the test team for performing the test and helps testers to overcome legal, federal, and policy-related restrictions to use different penetration testing tools and techniques. This module discusses the Rules of Engagement (ROE), the scope of ROE, steps in framing of ROA, and the clauses in an ROE. 4. Penetration-Testing Planning and Scheduling A penetration test plan is a part of an overall security plan and sets the ground rules for the test. The important part of the penetration test plan is to improve the test ground rules. The goal of the penetration testing is to focus on developing adequate evidence of flawlessness and to reach a security assurance level. This module explains the purpose of a test plan, building a test plan, penetration testing planning phase, test teams, testing project plan, and the various penetration testing project scheduling tools. 5. Pre Penetration Testing Checklist This module briefs the list of steps that should be taken before starting a penetration test. 6. Information Gathering and Social Engineering Penetration Testing This module familiarizes with details in information gathering phase such as newspaper cuttings, articles, websites, notes, papers, photos, snapshots, email messages, letters, documents, napkins with data, CD-ROMs and DVD, floppy disks, tapes, zip drives, USB disks, handwritten notes, employee signatures, employee writing style, and grammar syntax The term social engineering is used to describe the various techniques used to trick people (employees, business partners, or customers) into voluntarily giving away personal information that would not normally be known to the general public. Attackers are always looking for new ways to access information. They ensure that they know the surroundings and certain people in an organization like security guards, receptionists, and help desk workers. This module also discusses the various steps and methods for gathering information about the potential victim. It also showcases various spy gadgets that aid the attacker in gathering information. 7. Vulnerability Analysis This module familiarizes with vulnerability assessment and types of vulnerability assessment that can be used to identify weaknesses that could be exploited and test the effectiveness of additional security measures taken to defend attacks. This module also tells how time management scheduling of a task is important and also explains in detail about various vulnerability assessment tools. 8. External Penetration Testing Page 5 of 9

This module discusses External Intrusion Test and Analysis as a process of determining the security flaws and strengths of the client systems. It also familiarizes with various steps involved in external penetration testing and scan for default ports of various services which are vulnerable. 9. Internal Network Penetration Testing This module provides internal network penetration testing and various methods like port testing and vulnerability testing. It also explains sniffing with various sniffing tools. 10. Penetration-Testing Deliverables Documentation writing plays a major role in penetration testing process. The documentation report prepared should contain the details of the final test results and recommendations to rectify the problems that might be found during the test process. This module explains the structure of the documentation report which should include- Summary of the test execution, Scope of the project, Result analysis, Recommendations, Appendices. It also discusses about the test reports on a network such as executive report, active report, and host report, vulnerability report, creating and writing the final report, report format, delivery and retention. 11. Post-testing Actions In post penetration testing, the first focus is on high-priority security worries. This module discusses how to adopt technical solutions for the originated security issues, developing strategies to achieve short-term and long-term security postures, and deciding on the required and available resources to maintain reliable information security. 12. Advanced Exploits and Tools This module discusses in detail the common vulnerabilities. It also tells the anatomy of an exploit and what a typical overflow is. This module explains the strengths and uses of payload generators and exploitation tools including: GDB, Metasploit, Canvas, CORE Impact M.B.S.A, NSAT, and Network Security Inspector. Page 6 of 9

Course Briefing: Chapter 1: Penetration-Testing Methodologies Introduction to Penetration-Testing Methodologies Penetration Testing Phases of Penetration Testing Chapter 2: Customers and Legal Agreements Introduction to Customers and Legal Agreements Why Organizations Need Penetration Testing Initial Stages in Penetration Testing Penetration Testing Rules of Behavior Penetration-Testing Risks Penetration Testing by Third Parties Legal Consequences Liability Issues Applicable Laws Negligence Claim Drafting Contracts How Much to Charge? Chapter 3: Duties of a Licensed Penetration Tester Introduction to Duties of a Licensed Penetration Tester Duties of a Licensed Penetration Tester LPT-Audited Logos Standards and Compliance Chapter 4: Penetration-Testing Planning and Scheduling Introduction to Penetration-Testing Planning and Scheduling Purpose of a Test Plan IEEE Standards Penetration-Test Planning Phases Tool: EC-Council s Vampire Box Chapter 5: Pre Penetration Testing Checklist Introduction to Pre Penetration Testing Checklist Page 7 of 9

Checklist Chapter 6: Information Gathering and Social Engineering Penetration Testing Introduction to Information Gathering/Social Engineering Penetration Testing Information-Gathering Steps Social Engineering Steps in Conducting a Social Engineering Penetration Test Chapter 7: Vulnerability Analysis Introduction to Vulnerability Analysis Vulnerability Assessment Steps Vulnerability Classification Types of Vulnerability Assessment Vulnerability Assessment Phases Comparing Approaches to Vulnerability Assessments Vulnerability Assessment Considerations Vulnerability Assessment Reports Tools Chapter 8: External Penetration Testing Introduction to External Penetration Testing Steps for Conducting External Penetration Testing Chapter 9: Internal Network Penetration Testing Introduction to Internal Network Penetration Testing Steps for Internal Network Penetration Testing Tools Chapter 10: Penetration-Testing Deliverables Introduction to Penetration-Testing Deliverables Penetration-Testing Report Client-Side Test Reports Test Reports on Web Applications Sign-Off Document Creating the Final Report Chapter 11: Post-testing Actions Page 8 of 9

Introduction to Post-testing Actions Prioritize Recommendations Develop an Action Plan Create a Process for Minimizing Instances of Misconfigurations Apply Updates and Patches Capture Lessons Learned and Best Practices Create Security Policies Conduct Training Conduct a Social Engineering Class Destroy the Penetration-Testing Report Chapter 12: Advanced Exploits and Tools Introduction to Advanced Exploits and Tools Buffer Overflows The Anatomy of an Exploit Linux Exploits Versus Windows Exploits Tools Page 9 of 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information