Ethical Hacking: Penetration Testing

Explore the fundamentals of using penetration testing to check for vulnerabilities in your computers, systems, networks, applications, and more.

Introduction

• Testing an organization's defenses
• Getting the most out of this course

1. Organizational Penetration Testing

• Understanding penetration testing
• Auditing security mechanisms
• Managing risk
• Analyzing risk
• Recognizing the attack surface

2. Types of Penetration Testing

• Comparing different environments
• Checking from the outside in
• Looking inside the organization
• Determining testing methods
• Discovering pen testing tools
• Challenge: Explain the NIST five framework core functions
• Solution: Explain the NIST five framework core functions

3. Penetration Testing Techniques

• Following a structured plan
• Planning the pen test
• Footprinting the target
• Escalating privileges
• Attacking the system
• Delivering the results
• Outlining remediation strategies

4. Penetration Testing Blueprint

• Checking physical security
• Identifying wireless vulnerabilities
• Testing the website
• Leaking data via email or VoIP
• Safeguarding cloud services
• Assessing the mobile infrastructure
• Hacking the human

5. Outsourcing Penetration Testing

• Contracting the pen test
• Defining the project scope
• Hiring consultants
• Agreeing on terms
• Creating the contracts

Conclusion

• What's next