Penetration Testing
Foundations of Penetration Testing
Sydney 10 Jul 2007
Overview
A penetration test cannot prove the security of a network or system; however, it can provide a valuable addition to an organisation’s IT security audit regime, identifying system weaknesses before genuinely malicious users compromise the system.
Penetration testing is becoming a critical part of many organisations' IT security assurance processes; however, with little standardisation across the industry, it is very important to be aware of the alternative methods available. Would you prefer to have a "blind" or "open" penetration test? And should you arrange for a "baseline" test or a "capture-the-flag" challenge to be conducted?
The Foundations of Penetration Testing course will provide the process framework around penetration testing, technical detail and hands-on exercises for actual execution of penetration testing tasks.
Prerequisites
The prerequisites for this course are:
- An understanding of the fundamentals of the TCP/IP protocols & Internet Addressing
- Experience with running applications within the Windows operating system
- Some basic knowledge of the Linux/Unix operating systems
Duration
Foundations of Penetration Testing is a single-day course, running from 9.00am until 5.00pm. Contact us for information on scheduled dates.
Audience
The Foundations of Penetration Testing course is relevant to both business and technical audiences, and both the public and private sectors. This course is aimed at both security professionals who will be conducting penetration tests, and IT or security managers who will be responsible for the co-ordination of such tests or will be required to review test results.
What will you take away?
Participants in this course will take away:
- An understanding of the basic tools and skills required to perform penetration tests
- An understanding of the legal and regulatory issues surrounding penetration tests
- A thorough understanding of the management and reporting aspects that are critical when performing a penetration test
Course Topics
Module 1 – Foundations
Module 1 – Foundations starts with base concepts of penetration testing, providing a broad overview of the many different types of penetration tests available, along with the legal and contractual issues involved in a penetration test. From this base, an overview of current attack methods, tools and operating systems, along with a thorough coverage of risk analysis will be provided.
Module 2 – Information Gathering
Module 2 – Information Gathering looks at the practical issues involved in using tools and websites to obtain publicly available data on the target systems. This data provides a steady base with which to launch more specific attacks against target systems. Module 2 will also provide an overview of the TCP/IP protocol.
Module 3 – Identifying Weaknesses
Module 3 – Identifying Weaknesses examines the practical issues involved in systems analysis and testing to identify weaknesses and security issues. You will complete hands-on exercises aimed at illustrating the skills required, the testing process and difficulties encountered during a ‘typical’ penetration test. Finally, we will look at specific tools and techniques used during internal systems testing.
Module 4 – Compromising & Reporting
Module 4 – Compromising & Reporting introduces the technical skills to successfully execute exploit code and gain control of a vulnerable system. Module 4 also examines the difficulties in defining a “successful” system compromise. Finally, we will look at results analysis & verification, legal obligations and reporting methods.