The artifacts generated during a security assessment come in many forms, including automated scan reports, written notes and reports, and communications exchanged during the engagement. Protecting these artifacts is extremely important, considering what might happen if they ended up in the wrong hands. Jerod discusses data collection and handling considerations that you should consider incorporating into your own practices.
- [Instructor] Think for a moment…about how much sensitive data you'll be collecting…and how much sensitive information you'll be creating…during the security assessment.…Every scan you run will leave artifacts,…both within the scanning tools themselves…and in the reports generated by those tools.…You'll be recording your thoughts and comments in documents,…spreadsheets, and mind maps throughout the assessment…as you puzzle out what damage an attacker…could potentially inflict…using the vulnerabilities you've uncovered.…
As you communicate with the customer and with anyone…on your team who's assisting with the assessment,…you'll be leaving potentially sensitive information…in voicemails and email messages.…Just consider the final report.…If that report fell into the hands of someone…who wished to target your customer,…it would serve as a step-by-step guide…in how to do that damage as quickly…and efficiently as possible.…It goes without saying…that your data handling procedures need to be…as well thought out as the testing activities themselves.…
Note: This course aligns with the National Institute of Standards and Technology (NIST) special publication on information security testing (SP 800-115).
- Identifying the five major types of security assessments
- Defining the security assessment life cycle
- Setting up your testing environment
- Planning a security assessment
- Reviewing documentation, logs, and more
- Identifying test targets
- Testing for password and other security vulnerabilities
- Drafting and delivering your report
Skill Level Beginner
Security Testing: Nmap Security Scanningwith Mike Chapple1h 46m Intermediate
Troubleshooting Your Network with Wiresharkwith Lisa Bock2h 35m Intermediate
DevSecOps: Automated Security Testingwith James Wickett1h 35m Intermediate
What you should know1m 49s
1. Understanding Security Assessments
2. Your Testing Environment
3. Planning Your Assessment
4. Review Techniques
5. Identifying Your Targets
6. Vulnerability Validation
7. Additional Considerations
Next steps3m 39s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.