ptpandm1stedi

7/25/2019 PTPandM1stEdi

1/9

Penetration Testing PTS402

Page 1 of 9 Procedures & Methodologies Copyright by EC-Council| Press All Rights Reserved. Reproduction is Strictly Prohibited.

Course TitlePenetration Testing: Procedures & Methodologies


2/9



Course Description:

The Security Analyst Series from EC-Council | Press is comprised of five books covering a broad base oftopics in advanced penetration testing and information security analysis. The content of this program isdesigned to expose the reader to groundbreaking methodologies in conducting thorough informationsecurity analysis, as well as advanced penetration testing techniques. Armed with the knowledge from theSecurity Analyst series, along with proper experience, readers will be able to perform the intensiveassessments required to effectively identify and mitigate risks to the security of the organization'sinfrastructure.

This book discusses the various penetration testing techniques, strategies, planning, scheduling, and alsoframes a guideline that a penetration tester can adopt while performing a penetration test. This book alsodiscusses the various test agreements that depict the outline of the test being performed.

Certificate InfoPenetration Testing: Procedures & Methodologies

Who Should Attend?

This course will significantly benefit Network server administrators, Firewall Administrators, SecurityTesters, System Administrators, Risk Assessment professionals, and anyone who is interested in penetrationtesting and information security analysis.

Course Duration:

2 days (9:00 5:00)

CPE/ECE Qualification

16 ECE Credits awarded for attendance (1 for each classroom hour)

Suggested Retail:

$799 USD
http://www.eccouncil.org/Certification/ec-council-certified-security-analysthttp://www.eccouncil.org/Certification/ec-council-certified-security-analyst


3/9




4/9



Required Courseware:

Visit www.cengage.com/community/eccouncil and click on Training Workshops for ordering details.

Whats included?

Physical Courseware

1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate

Course + Supplement Cost:

See the Training Workshops section at www.cengage.com/community/eccouncil for current pricinginformation.

Related Certificates:

Penetration Testing: Security Analysis

Penetration Testing: Communication Media Testing

Penetration Testing: Network Threat Testing

Penetration Testing: Network & Perimeter Testing

Course Briefing:

1. Penetration-Testing Methodologies

Module Brief:

Penetration testing goes a step ahead of vulnerability scanning in security assessment. Unlike vulnerability scanning which examines the security of individual computers, network devices, orapplications, penetration testing assesses the security model of the network as a whole.

This module discusses in detail about the need of penetration testing, common penetration testingtechniques and frames a guideline that a penetration tester can adopt while performing a penetrationtest. The module discusses various penetration testing methods and strategies for penetration testing.

2. Customers and Legal Agreements

Module Brief:

Various customer requirements need to be identified and the objectives of the penetration test should be developed in relevance to those requirements. Rules of Behavior is a test agreement that depictsthe outline of the test being performed. It explains in detail the internal and external aspectssurrounding the testing procedure. Before the test is performed, authorized representatives from boththe parties have to sign this agreement.
http://www.cengage.com/community/eccouncilhttp://www.cengage.com/community/eccouncilhttp://www.cengage.com/community/eccouncilhttp://www.cengage.com/community/eccouncilhttp://www.cengage.com/community/eccouncilhttp://www.cengage.com/community/eccouncil


5/9



This module deals with various legal agreements of penetration testing, the need for penetrationtesting, stages of penetration testing, customer requirements, rules of behavior, and risks associated

with penetration testing.

3. Duties of a Licensed Penetration Tester

Module Brief:

Rules of Engagement is the formal permission to conduct a pen-test. It provides certain rights andrestriction to the test team for performing the test and helps testers to overcome legal, federal, andpolicy-related restrictions to use different penetration testing tools and techniques.

This module discusses the Rules of Engagement (ROE), the scope of ROE, steps in framing of ROA,and the clauses in an ROE.

4. Penetration-Testing Planning and Scheduling

Module Brief:

A penetration test plan is a part of an overall security plan and sets the ground rules for the test. Theimportant part of the penetration test plan is to improve the test ground rules. The goal of thepenetration testing is to focus on developing adequate evidence of flawlessness and to reach a securityassurance level.

This module explains the purpose of a test plan, building a test plan, penetration testing planningphase, test teams, testing project plan, and the various penetration testing project scheduling tools.

5. PrePenetration Testing Checklist

Module Brief:

This module briefs the list of steps that should be taken before starting a penetration test.

6. Information Gathering and Social Engineering Penetration Testing

Module Brief:

This module familiarizes with details in information gathering phase such as newspaper cuttings,articles, websites, notes, papers, photos, snapshots, email messages, letters, documents, napkins withdata, CD-ROMs and DVD, floppy disks, tapes, zip drives, USB disks, handwritten notes, employee

signatures, employee writing style, and grammar syntaxThe term social engineering is used to describe the various techniques used to trick people(employees, business partners, or customers) into voluntarily giving away personal information that

would not normally be known to the general public. Attackers are always looking for new ways toaccess information. They ensure that they know the surroundings and certain people in anorganization like security guards, receptionists, and help desk workers.

This module also discusses the various steps and methods for gathering information about thepotential victim. It also showcases various spy gadgets that aid the attacker in gathering information.

7. Vulnerability Analysis

Module Brief:

This module familiarizes with vulnerability assessment and types of vulnerability assessment that can be used to identify weaknesses that could be exploited and test the effectiveness of additional securitymeasures taken to defend attacks.

This module also tells how time management scheduling of a task is important and also explains indetail about various vulnerability assessment tools.

8. External Penetration Testing

Module Brief:


6/9



This module discusses External Intrusion Test and Analysis as a process of determining the securityflaws and strengths of the client systems. It also familiarizes with various steps involved in externalpenetration testing and scan for default ports of various services which are vulnerable.

9. Internal Network Penetration Testing

Module Brief:

This module provides internal network penetration testing and various methods like port testing and vulnerability testing. It also explains sniffing with various sniffing tools.

10. Penetration-Testing Deliverables

Module Brief:

Documentation writing plays a major role in penetration testing process. The documentation reportprepared should contain the details of the final test results and recommendations to rectify theproblems that might be found during the test process.

This module explains the structure of the documentation report which should include-Summary ofthe test execution, Scope of the project, Result analysis, Recommendations, Appendices. Italso discusses about the test reports on a network such as executive report, active report, and hostreport, vulnerability report, creating and writing the final report, report format, delivery and

retention.11. Post-testing Actions

Module Brief:

In post penetration testing, the first focus is on high-priority security worries.

This module discusses how to adopt technical solutions for the originated security issues, developingstrategies to achieve short-term and long-term security postures, and deciding on the required andavailable resources to maintain reliable information security.

12. Advanced Exploits and Tools

Module Brief:

This module discusses in detail the common vulnerabilities. It also tells the anatomy of an exploit and

what a typical overflow is. This module explains the strengths and uses of payload generators andexploitation tools including: GDB, Metasploit, Canvas, CORE Impact M.B.S.A, NSAT, and NetworkSecurity Inspector.


7/9



Course Briefing:

Chapter 1: Penetration-Testing Methodologies Introduction to Penetration-Testing Methodologies Penetration Testing Phases of Penetration Testing

Chapter 2: Customers and Legal Agreements Introduction to Customers and Legal Agreements Why Organizations Need Penetration Testing Initial Stages in Penetration Testing Penetration Testing Rules of Behavior

Penetration-Testing Risks Penetration Testing by Third Parties Legal Consequences Liability Issues Applicable Laws Negligence Claim Drafting Contracts How Much to Charge?

Chapter 3: Duties of a Licensed Penetration Tester Introduction to Duties of a Licensed Penetration Tester Duties of a Licensed Penetration Tester LPT-Audited Logos Standards and Compliance

Chapter 4: Penetration-Testing Planning and Scheduling Introduction to Penetration-Testing Planning and Scheduling Purpose of a Test Plan

IEEE Standards Penetration-Test Planning Phases Tool: EC-Councils Vampire Box

Chapter 5: PrePenetration Testing Checklist Introduction to PrePenetration Testing Checklist


8/9



Checklist

Chapter 6: Information Gathering and Social Engineering Penetration Testing Introduction to Information Gathering/Social Engineering Penetration Testing

Information-Gathering Steps Social Engineering Steps in Conducting a Social Engineering Penetration Test

Chapter 7: Vulnerability Analysis Introduction to Vulnerability Analysis Vulnerability Assessment Steps Vulnerability Classification Types of Vulnerability Assessment

Vulnerability Assessment Phases Comparing Approaches to Vulnerability Assessments Vulnerability Assessment Considerations Vulnerability Assessment Reports Tools

Chapter 8: External Penetration Testing Introduction to External Penetration Testing Steps for Conducting External Penetration Testing

Chapter 9: Internal Network Penetration Testing Introduction to Internal Network Penetration Testing Steps for Internal Network Penetration Testing Tools

Chapter 10: Penetration-Testing Deliverables Introduction to Penetration-Testing Deliverables Penetration-Testing Report

Client-Side Test Reports Test Reports on Web Applications Sign-Off Document Creating the Final Report

Chapter 11: Post-testing Actions


9/9



Introduction to Post-testing Actions Prioritize Recommendations Develop an Action Plan Create a Process for Minimizing Instances of Misconfigurations

Apply Updates and Patches Capture Lessons Learned and Best Practices Create Security Policies Conduct Training Conduct a Social Engineering Class Destroy the Penetration-Testing Report

Chapter 12: Advanced Exploits and Tools Introduction to Advanced Exploits and Tools

Buffer Overflows The Anatomy of an Exploit Linux Exploits Versus Windows Exploits Tools

ptpandm1stedi

Documents