Security Testing Essential Training

Learn about security testing. Learn how to set up a test environment, plan assessments, identify targets, and execute security tests with popular tools like Nmap and Wireshark.

Introduction

• The importance of security testing
• What you should know

1. Understanding Security Assessments

• Language is important
• Risk assessments
• Calculating risk score
• Security controls assessments
• NIST and ISO
• Compliance assessments
• Vulnerability assessments
• Penetration tests
• Goals of a pen test
• The security assessment lifecycle

2. Your Testing Environment

• The security tester's toolkit
• Kali Linux
• Nmap
• Nessus
• Wireshark
• Lynis
• CIS-CAT Lite
• Aircrack-ng
• Hashcat
• OWASP ZAP
• OWASP ZAP demo

3. Planning Your Assessment

• Understanding your scope
• Improving over time
• Selecting your methodology
• Selecting your tools
• Basic assessment tools
• Advanced assessment tools

4. Review Techniques

• Documentation review
• Log review
• Log management tools
• Ruleset review
• System configuration review
• CIS-CAT demo
• Network sniffing
• Wireshark demo
• File integrity checking

5. Identifying Your Targets

• Network discovery
• Open-source intelligence
• Network port and service identification
• Nmap demo
• Vulnerability scanning
• Determining severity
• Nessus demo
• Wireless scanning
• Wireless testing process
• Aircrack-ng demo

6. Vulnerability Validation

• Password cracking
• Hashcat demo
• Penetration test planning
• Penetration test tools
• Penetration test techniques
• Social engineering
• SET demo

7. Additional Considerations

• Coordinating your assessments
• Data analysis
• Providing context
• Data handling
• Drafting your report
• Delivering your report

Conclusion

• Next steps
• Additional resources