Penetration tests place testers in the role of attackers. In this video, learn about penetration testing techniques, including verifying that a threat exists, bypassing security controls, testing security controls, and exploiting vulnerabilities. Also learn about the three types of penetration testing—white box, black box, and gray box.
- [Instructor] Vulnerability testing…merely probes systems for vulnerabilities.…Those tests can be active…reaching out and interacting with systems…but they are rarely dangerous…because they don't typically complete an attack.…Actually, executing an attack is,…however, the best way to understand…a system's vulnerabilities.…Penetration tests do this…by placing testers in the role of attackers.…During a penetration test,…attackers normally begin by gathering information…about systems and then using that information…to engage in actual attacks.…
The test is considered successful…if the attackers manage to penetrate the target system.…The goal is to test security controls…by attempting to by-pass or defeat them.…The National Institute for Standards and Technology,…NIST, suggests that penetration tests…loop back and forth between a discovery phase…and an attack phase.…During the discovery phase,…attackers conduct reconnaissance against systems…and think of possible avenues of exploit.…When they find a path of potential vulnerability,…
- Risk management actions
- Ongoing risk management
- Risk management frameworks
- Scanning for threats and vulnerabilities
- Advanced vulnerability scanning
- Monitoring log files
- Code review and code tests
- Test coverage analysis
Skill Level Intermediate
Q: This course was updated on 05/18/2018. What changed?
A: New videos were added that cover identifying threats, understanding attacks, technology and process remediation, remediating vulnerabilities, and security monitoring. In addition, the following topics were updated: risk management and monitoring log files.
IT Security Foundations: Core Conceptswith Lisa Bock1h 13m Beginner
Insights from a Cybersecurity Professionalwith Mike Chapple32m 15s Intermediate
1. Risk Management
2. Threat Modeling
3. Threat Assessment
4. Remediating Vulnerabilites
5. Security Monitoring
6. Software Testing
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.