Penetration Testingdc
Penetration Testingdc
INT245:PENETRATION TESTING
CO1 :: recite how to analyze the outcome from the tools and technologies used by security analyst
CO2 :: examine intensive assessments required to effectively identify and mitigate risks to the
information security of the infrastructure
CO3 :: summarize weaknesses in information system and recommend mitigation measures to
increase the resistance of the information technology (IT) infrastructure to unauthorized access.
CO4 :: analyze the outcomes of vulnerability assessments in the form of penetration testing reports
CO6 :: compile testing deliverables out of penetration testing reports and suggest post corrective
actions
Unit I
Introduction to Penetration Testing Methodologies : Penetration Testing, Common
Penetration Testing Techniques, Penetration Testing Process, Announced Testing/Unannounced
Testing, Types of Penetration Testing, Strategies of Penetration Testing, Operational Strategies for
Security Testing, Identifying Benefits of Each Test Type, Prioritizing the Systems for Testing, Phases
of Penetration Testing
Introduction to Customers and Legal Agreements : Why Organizations Need Penetration
Testing, Initial Stages in Penetration Testing, Understand Customer Requirements, Penetration
Testing “Rules of Behavior”, Approaches, Techniques of Attack, Penetration Testing Risks, Penetration
Testing by Third Parties, Legal Consequences, Confidentiality and NDA Agreements
Unit II
Introduction to Duties of a Licensed Penetration Tester : Duties of a Licensed
Penetration Tester, LPT-Audited Logos, Standards and Compliance, Laws, Rules of Engagement
(ROE)
Introduction to Penetration Testing Planning and Scheduling : Purpose of a Test Plan, Building
a Penetration Test Plan, Setting Up a Test Goal, IEEE Standards, Test-Plan Identifier, Test
Deliverables, Penetration Test Planning Phases, Defining the Scope, Staffing, Developing the Project
Plan, Meeting with the Client
Unit III
Introduction to External Penetration Testing : Internal Testing, Steps for Conducting External
Penetration Testing, Recommendations for Internal Network Penetration Testing
Introduction to Internal Network Penetration Testing : External Intrusion Test and Analysis,
External Penetration Testing, Steps for Internal Network Penetration Testing
Unit VI
Execution, Scope of the Project, Results Analysis, Recommendations, Appendices, Client-Side Test
Reports, Client-Side Penetration Report, User Report, Test Reports on Web Applications, Sign-Off
Document
Introduction to Post-Testing Actions : Prioritize Recommendations, Develop an Action Plan,
Create a Process for Minimizing Instances of Misconfigurations, Apply Updates and Patches, Capture
Lessons Learned and Best Practices, Create Security Policies, Conduct Training, Conduct a Social
Engineering Class, Destroy the Penetration Testing Report
Introduction to Nmap: Basic commands of Nmap, System scanning using nmap, interpretation of gathered
information using nmap
Introduction to Metasploit: Introduction to the tool, basic commands for searching, selection, parameter
configurations and deployment of exploits
Cross Site Scripting (XSS): Introduction to cross site scripting, identification of websites vulnerable to cross site
scripting
XSS vulnerabilities identification: Identification of XSS vulnerabilities in the websites and the way they could be
exploited
SQL Injection: Introduction to SQL injection, Automated SQL injection using SQLmap
References:
1. CompTIA PENTEST+ STUDY GUIDE by MIKE CHAPPLE, SYBEX
Session 2021-22