Course Agenda for Security Testing Techniques
| 1. Introduction |
- Terminology
- What is security testing?
- What is an ethical hacker?
- Types of attacks
- Lifecycle of a hack
|
| 2. Test Process |
- Gathering information
- Obtaining permission
- Researching vulnerabilities
- Defining the plan
- Enumerating the risks
- Performing the tests
- Reporting
- Ethics and Legal Issues
|
| 3. Security Testing Techniques |
- Network scanning
  1. TCP/UDP scanning
  2. Fingerprinting
  3. Tools
- Vulnerability Scanning
  1. Network-based
  2. Host-based
- Password Cracking
  1. Via social engineering
  2. Types of password cracking
  3. Cracking tools
  4. Preventing password cracking
- Log Review
  1. Manual
  2. Automated tools
- Integrity Checkers
  1. Files
  2. Databases
- Virus Detection
  1. Network
  2. End-user
- War Dialing
  1. Unauthorized modems
  2. Internet access
  3. Wireless
- Penetration Testing
  1. Network
  2. End-User
|
| 4. Client vs. Server Testing |
- Workstation penetration testing
  1. War dialing
  2. Viruses, Worms, Trojans
  3. Rootkits
  4. Information theft
  5. Windows-specific attacks
  6. Linux-specific attacks
- LAN and WAN based penetration testing
  1. IP spoofing
  2. DNS spoofing
  3. Email spoofing
  4. Denial of service
  5. Wireless LANs
|
| 5. Internet-based application vulnerabilities |
- Email servers
- Instant messaging
- Web servers
- Web applications
|