The amount of data you can collect during a security assessment can be staggering, and it's easy for a tester to get distracted by the wrong things. Jerod returns to the idea of context, discussing the value that context brings to your security assessments. Jerod also shares a time management exercise to help you better understand how to use your time effectively on your next security assessment.
- [Instructor] Although reporting is often reserved…for the final stage of the security assessment,…you should be analyzing your findings as you go.…This sounds easier than it is in practice, though.…I believe one of the reasons for this challenge…is the nature of the work itself.…Security assessments, particularly, penetration tests…can be both intriguing and exciting.…Part of the appeal of working in this field…is that penetration testers are explicitly authorized…to do things that they might very well be arrested for…under different circumstances.…
Even better, we're not just allowed to do this,…we are paid for our efforts.…Many of the penetration testers I know…are inherently curious.…They may enjoy playing games and solving puzzles.…That part of the brain that works…through seemingly disconnected bits of information…and forms meaningful patterns.…There's a part of the brain…that makes pen testers good at what they do.…However, it can also distract them…from the ultimate goal of the engagement.…
We can get so caught up in testing new exploits…
Note: This course aligns with the National Institute of Standards and Technology (NIST) special publication on information security testing (SP 800-115).
- Identifying the five major types of security assessments
- Defining the security assessment life cycle
- Setting up your testing environment
- Planning a security assessment
- Reviewing documentation, logs, and more
- Identifying test targets
- Testing for password and other security vulnerabilities
- Drafting and delivering your report
Skill Level Beginner
Security Testing: Nmap Security Scanningwith Mike Chapple1h 46m Intermediate
Troubleshooting Your Network with Wiresharkwith Lisa Bock2h 35m Intermediate
DevSecOps: Automated Security Testingwith James Wickett1h 35m Intermediate
What you should know1m 49s
1. Understanding Security Assessments
2. Your Testing Environment
3. Planning Your Assessment
4. Review Techniques
5. Identifying Your Targets
6. Vulnerability Validation
7. Additional Considerations
Next steps3m 39s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.