2. Who is M. SYARIFUDIN ?
• Former Lecturer and Assistant Manager
• OSCP & OSWP Certified
• Information Security Trainer and Researcher
• Official Indonesian Kali Linux Translator
• Homepage : http://fl3x.us
2
3. LET’S TALK ABOUT…
• Information Security
• What Should be Prepared to become Infosec
Professional
3
4. INFORMATION SECURITY OVERVIEW
• The practice of defending information from
(un)authorised access, (mis)use, disclosure,
disruption, modification, or destruction
4
Confidentiality Integrity Availability
source:wikipedia
5. WHY INFORMATION SECURITY NEEDED ?
• Information is very important asset
• Impact to the Business
5
People Technology System
14. SAMPLE SALARY ( PENTESTER )
14
77K USD per year -> 6.4K USD per month = Rp 84.000.000 per month
15. WHAT SHOULD BE PREPARED ?
• Have the Passion & Good Mental
• More focus on these Subjects :
• Operating System
• Computer Network and Security
• Cryptography, and Programming
15
16. WHAT SHOULD BE PREPARED ?
• Join to the Laboratory
• Join to the Infosec Community
• Decide your Interest
• Taking the Infosec Courses and Certifications
16
21. What is PenTest ?
21
Real Attacks The Target Gain
Access
Application NetworkSystem
22. Why Do a PenTest ?
22
$$$$$ Security Program
Protecting Infrastructure
Prevent Data Breaches
Penetration Test
23. About PenTest
23
Compromise IT System Security
Find SecurityVulnerabilitiesMust Have a Permission
Be Creative Exploit the SecurityVuln.
Bypass Security MechanismThink like an Attacker
24. Penetration Testing Execution Standard
24
Intelligence GatheringPre-engagement
Threat ModellingVulnerability Analysis
Exploitation Post Exploitation
Reporting
http://www.pentest-standard.org