Security Analyst, Part 2 of 2: Penetration Testing Overview

LearnNow Online
Updated Aug 21, 2018

Course description

There are many ways and methodologies designed to analyze the information security needs of a corporation or government entity. One of the best ways to analyze the security posture of an organization is through penetration testing. Examine the fundamentals of penetration testing including limits (known as the Scope of Work), the several phases of PTests, and additional methodologies and guidelines. Additionally, the importance of information security auditing and vulnerability assessments will be discussed, as well as legal concerns and risks that may arise for both the penetration tester and the organization being tested.

Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.


Prerequisites

To maximize your learning experience when taking this course, the following prerequisites are highly recommended: Security+ certification, knowledge of CEH (Certified Ethical Hacker), and knowledge of CHFI (Computer Hacking Forensic Investigator). Familiarity with the CBK (Common Body of Knowledge) associated with the CISSP and CISA certifications is also very helpful.


Meet the expert

Don Bowers

Don Bowers has been in the computer industry for over 36 years as a database programmer and an information systems and security analyst. Don’s primary focus over the last 10 years has been in the area of information security and digital forensics. Don currently serves as an Assistant Professor and the Program Chair for the Cybersecurity program at the College of Western Idaho. As well as being an associate professor, Don also holds the distinction of being a Certified EC-Council Instructor. Don holds several industry certifications including MCITP Enterprise, MCSE + Security, CISSP, CISA, CEH, CHFI, ECSA (EC-Council Security Analysis), LPT (Licensed Penetration Tester) and ACE (AccessData Certified Examiner).

Video Runtime

125 Minutes

Time to complete

228 Minutes

Course Outline

Auditing, Vulnerability, and Pen Testing

Auditing, Vulnerability Assessment, and Pen Test (24:44)

  • Introduction (00:35)
  • Auditing, Vulnerability Assessment, and Pentesting (08:22)
  • Audit, Vulnerability Assess, and Pen Test (cont'd) (02:55)
  • Why Penetration Testing is Important (05:04)
  • What Types of Things Should be Tested (07:27)
  • Summary (00:19)

Types and Phases of Penetration Testing (28:38)

  • Introduction (00:32)
  • Non-destructive, Destructive Penetration Testing (02:59)
  • Blue Team, Red Team Penetration Testing (05:39)
  • Black, White, and Grey Box Penetration Testing (02:29)
  • External, Internal Penetration Testing (07:41)
  • Penetration Testing Processes (01:52)
  • Pre-Attack Phase (02:36)
  • Attack Phase (02:05)
  • Post-Attack Phase (02:12)
  • Summary (00:28)

Methodologies, Guidelines, and Pen Test Results

Methodologies and Guidelines (38:32)

  • Introduction (00:28)
  • Methodologies of Penetration Testing (06:46)
  • Help Designing Your Methodology (04:17)
  • Demo: Open Source Testing Documents (03:22)
  • Demo: Open Source Report Documents (02:55)
  • Penetration Testing Guidelines, Documentation (05:19)
  • Penetration Testing Guidelines, Professionalism (11:11)
  • Penetration Testing Guidelines, Risks and Skills (03:34)
  • Summary (00:36)

Penetration Testing Results (33:11)

  • Introduction (00:33)
  • Penetration Testing Rules, Risks, and Behaviors (06:58)
  • Legal Issues (05:51)
  • Documents Needed for Penetration Testers (04:08)
  • Liability Concerns (02:36)
  • Rules of Engagement I (05:00)
  • Rules of Engagement II (03:49)
  • Demo: Documents Concerning Rules of Behavior (03:27)
  • Summary (00:44)