Penetration tests place testers in the role of attackers. In this video, learn about penetration testing techniques including verifying that a threat exists, bypassing security controls, testing security controls, and exploiting vulnerabilities. Additionally, learn about the three types of penetration tests: white box, black box, and grey box.
- Vulnerability testing merely probes systems for vulnerabilities. Those tests can be active, reaching out and interacting with systems, but they are rarely dangerous because they don't typically complete an attack. Actually executing an attack is, however, the best way to understand the system's vulnerabilities. Penetration tests do this by placing testers in the role of attackers. During a penetration test, attackers normally begin by gathering information about systems, and then using that information to engage in actual attacks.
The test is considered successful if the attackers managed to penetrate the target system. The goal is to test security controls by attempting to bypass or defeat them. The National Institute for Standards and Technology, NIST, suggests that penetration tests loop back and forth between a discovery phase and an attack phase. During the discovery phase, attackers conduct reconnaissance against systems and think of possible avenues of exploit. When they find a path of potential vulnerability,…
Learn about security assessment and testing practices needed to prepare for the Certified Information Systems Security Professional (CISSP) exam. CISSP—the industry's gold standard certification—is necessary for many top jobs. This course helps you approach the exam with confidence by providing coverage of key topics, including threat assessment, log monitoring, and software testing. It also covers disaster recovery and security process assessment. Students who complete this course will be prepared to answer questions on the sixth CISSP exam domain: Security Assessment and Testing.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A completed Learning Path of the series will be available once all the courses are released.
- Using security assessment tools
- Scanning for vulnerabilities
- Threat assessment techniques
- Performing penetration testing
- Reviewing monitor logs
- Performing code reviews
- Performing fuzz testing and misuse case testing
- Analyzing coverage
- Assessing disaster recovery sites and backups
- Testing BC/DR plans
- Collecting security process data and metrics
- Auditing and control management