Penetration Testing for Cybersecurity Professionals

211 Check

Penetration Testing for Cybersecurity Professionals is a joint presentation by Charles Chol and Chuol Buok, who are both Cyber Security Analysts in South Sudan.

  • 1. Topic: Penetration Testing for Cybersecurity Professionals. Penetration tests have become an essential way to stay proactive in identifying and demonstrating the impact of security weaknesses before they are discovered and put to use by a threat actor.
  • 2. I am a dedicated and experienced cybersecurity analyst with 3 years of industry expertise, specializing in safeguarding digital systems and information from malicious cyber threats. I hold a bachelor's degree in Networking and Cybersecurity from ISBAT University and a diploma in Computer Science from St. Lawrence University Uganda, Kampala. I am proficient in Cyber threat intelligence, Vulnerability Management, Incident Response, Ethical Hacking, SOC and OSINT. I currently work as a cyber incident handler at Safetycomm. About me: Cyber Security Analyst, Safetycomm. Chuol Buok Yak.
  • 3. What Is Penetration Testing? A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, services and application flaws, improper configurations or risky end-user behavior. Such assessments are also useful in validating the efficacy of defensive mechanisms, as well as end-user adherence to security policies.
  • 4. Why is Pen Testing Important?
      • Identify and Prioritize Security Risks
      • Intelligently Manage Vulnerabilities
      • Leverage a Proactive Security Approach
      • Meet Regulatory Requirements
      • Increase Confidence in Your Security Strategy
  • 5. Who Performs Penetration Tests? One of the biggest hurdles in creating a successful cybersecurity program is finding people with the right qualifications and experience. The cybersecurity skills gap is a well-documented issue, with the supply of qualified security professionals not keeping up with demand. This is particularly true with pen testing. Unfortunately, there is no shortage of threat actors and cybercrime groups. Consequently, organizations can’t delay deploying critical pen testing initiatives.
  • 6. Five Stages of Pen Testing
  • 7. How Often Should You Pen Test? Penetration testing should be performed on a regular basis to ensure more consistent IT and network security management. A pen tester will reveal how newly discovered threats or emerging vulnerabilities may be exploited by attackers. In addition to regularly scheduled analysis and assessments required by regulatory mandates, tests should also be run whenever:
  • 8. What Should You Do After a Pen Test? It’s important to plan time for a post-mortem to disseminate, discuss, and fully understand the findings. Additionally, relaying these results with actionable insights to decision makers within the organization will better emphasize the risk that these vulnerabilities pose, and the positive impact that remediation will have on the business. With review, evaluation, and leadership buy-in, pen test results can transform into action items for immediate improvements and takeaways that will help shape larger security strategies.
  • 9. What is Reconnaissance? Cyber reconnaissance is the first step of any professional penetration test. In this phase the goal is to gather as much information about the target as possible. This includes technical information about its network topology and systems, but it also includes information on employees and the company itself that may be useful in the later stages of the penetration test. The more information you gather during the reconnaissance phase, the more likely you are to succeed in the later stages of the penetration test. There are two types of cyber reconnaissance that you can perform: active information gathering and passive information gathering.
  • 10. Difference Between Vulnerability Scans and Pen Tests? Vulnerability scanning is a security management strategy used to identify and report vulnerabilities in web applications, servers and firewalls. The main goal of vulnerability scanning is to help your organization’s IT department detect, classify and report weaknesses in your internal and external networks, computers, IP addresses and communication equipment. Penetration testing is a type of test conducted mostly by ethical hackers and experienced DevOps engineers to test and determine possible security gaps in an organization’s security architecture. Pen testing is also a form of ethical hacking deployed to fully understand security vulnerabilities and ways to remove them from an organization’s security environment.
  • 11. Different Types of Pen Testing?
  • 12. 5 Pen Testing Rules of Engagement. Rules of Engagement (RoE) is a document that deals with the manner in which the penetration test is to be conducted. Some of the directives that should be clearly spelled out in the RoE before you start the penetration test are as follows:
      • The type and scope of testing
      • Client contact details
      • Client IT team notifications
      • Sensitive data handling
      • Status meeting and reports
  • 13. White Box, Black Box, and Gray Box Penetration Testing
  • 14. Penetration testing methods (continued).
      • External testing: External penetration tests target the assets of a company that are visible on the internet, e.g., the web application itself, the company website, and email and domain name servers (DNS). The goal is to gain access and extract valuable data.
      • Internal testing: In an internal test, a tester with access to an application behind its firewall simulates an attack by a malicious insider. This isn’t necessarily simulating a rogue employee. A common starting scenario can be an employee whose credentials were stolen due to a phishing attack.
  • 15. What Is Teaming?
      • Red Teams: A red team is on the offensive side. A red team is formed with the intention of identifying and assessing vulnerabilities, testing assumptions, viewing alternate options for attack, and revealing the limitations and security risks for that organization.
      • Blue Teams: The blue team is tasked with defending the organization. Blue teams are in charge of building up an organization’s protective measures, and taking action when needed.
      • Purple Teams: Recently, the concept of a purple team has become more popular in teaming exercises. This is the mindset of seeing and treating red and blue teams as symbiotic. It’s not red teams vs. blue teams, but rather one large team focusing on the one overarching goal: improving security. The key to becoming a purple team comes down to communication between individuals and their teams.
  • 16. Penetration Testing/Ethical Hacking Demo. Let’s hack things now: Windows Demo, Linux Demo.
  • 17. THE END Thank you Q & A chuol@safetycomm.org 0927318255

Editor's Notes

  1. 1.7.2013