1 / 21

Penetration testing

Penetration testing. Agenda. Penetration testing ? Certificated Penetration testing for? Methodology System & Network Web Mobile Tools Commercial Free Tools Report Ex. Q&A. Penetration testing. Vulnerability Assessment. Penetration Testing. Penetration testing TYPE.

berg
Download Presentation

Penetration testing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Penetration testing

  2. Agenda • Penetration testing • ? • Certificated • Penetration testing for? • Methodology • System & Network • Web • Mobile • Tools • Commercial • Free Tools • Report • Ex. • Q&A

  3. Penetration testing

  4. Vulnerability Assessment

  5. Penetration Testing

  6. Penetration testingTYPE • Internal • External • Black box • White box • Grey box Reference : http://www.giac.org/cissp-papers/197.pdf

  7. Penetration testing : Certificated • Certified Penetration Testing Engineer (CPTE)

  8. Penetration testing : Certificated • The Offensive Security Certified Professional (OSCP)

  9. Penetration testing : Certificated • CEH: Certified Ethical Hacking

  10. Penetration testing : Certificated BIG NAME • Certified Penetration Testing Consultant (CPTC) • GIAC Web Application Penetration Tester (GWAPT) • GIAC Penetration Tester (GPEN) • Certified Information Systems Security Professional (CISSP) • Certified Information Security Manager (CISM) • Certified Information Systems Auditor - CISA

  11. Penetration testing for?

  12. Penetration testing : Methodology • ขั้นตอน หรือวิธีการ เพื่อ?

  13. Penetration testing : Methodology • Information Gathering • Information Analysis and Planning • Vulnerability Detection • Penetration • Attack/Privilege Escalation • Analysis and reporting • Clean-up Information Analysis and Planning Analysis and Reporting Attack/ Privilege Escalation Information Gathering Vulnerability Detection Penetration Clean Up

  14. Penetration testing : MethodologySystem & NETWORK

  15. Penetration testing : MethodologyWeb Application • OWASP 2013 • A1-Injection • A2-Broken Authentication and Session Management • A3-Cross-Site Scripting (XSS) • A4-Insecure Direct Object References • A5-Security Misconfiguration • A6-Sensitive Data Exposure • A7-Missing Function Level Access Control • A8-Cross-Site Request Forgery (CSRF) • A9-Using Components with Known Vulnerabilities • A10-Unvalidated Redirects and Forwards

  16. Penetration testing : MethodologyMobile

  17. Penetration Testing: TOOLS - Commercial • Nessus Vulnerability Scanner - Tenable Network Security • Rapid 7 Nexpose + Metasploit Professional • CORE Impact Pro • Immunity CANVAS Professional • IBM APPSCAN • ACUNETIX • HP WebInspect • HavijAdvanced SQL Injection • ETC

  18. Penetration Testing: TOOLS - FREE • Tenable Nessus Home • Rapid 7 Nexpose Community • NMAP • Blackbuntu Linux • Firefox Addon • Metasploit • Kali Linux • ETC

  19. Report • Executive • Technical

  20. Benefit of Penetration testing • Manage Risk Properly • Increase Business Continuity • Minimize Client-side Attacks • Protect Clients, Partners And Third Parties • Comply With Regulation or Security Certification • Evaluate Security Investment • Protect Public Relationships And Brand Issues

  21. Q & A

More Related