Certified Penetration Tester

Certified Penetration Tester

Course Overview

Certified Penetration Tester course provides you with a real world hands-on penetration testing experience and is a globally accepted hacking and penetration testing class available that covers the testing of modern infrastructures, operating systems and application environments while teaching the students how to document and write a penetration testing report.

The design of the course is such that the instructor in the class will actually take you through the core concepts of conducting a penetration test based on penetration testing methodology and report writing process for this organisation.

Today this course & techniques are very demand in InfoSec consultants working for software companies, IT security firms, Government and Private Sectors etc.

This course brings an enhanced concentration on methodology for network, web application, database, wireless, and cloud pen testing by using penetration testing methodologies like suggested from ISO 27001, OSSTMM, OWASP and NIST Standards.

Who Should Attend

The training program is ideal for those working in positions such as, but not limited to -

Ethical Hackers, Penetration Testers, Network Server Administrators, Firewall Administrators, Security Testers, System Administrators and Risk Assessment Professionals.

Course Duration

  • 40 Hours.

Course Content

Introduction to Penetration Testing and Methodologies

  • What is Penetration Testing?
  • Types of Penetration Testing
  • Penetration Testing Phases
  • Penetration Testing Methodology
  • Penetration Testing Strategies
  • Ethics of Penetration Tester

Penetration Testing Scoping and Engagement Methodology

  • Security Concerns
  • Data security Measure
  • Risk Analysis
  • Risk Assessment Steps
  • Security Policies
  • Information Security Standards
  • Information Security Acts

Open Source Intelligence (OSINT) Methodology

Packet Analysis

  • Overview of TCP/IP Model
  • TCP/IP Protocol Stack
  • Analysis of TCP/UDP Services
  • Overview of IPv4 and IPv6

Pre-penetration Testing Steps

  • Send a Preliminary Information Request Document to the Client
  • Identify the Type of Testing: Black-box or White-box
  • List the Servers, Workstations, Desktops and Network Devices that Require Testing
  • Draft Contracts
  • Identify Who Will be Leading the Penetration Testing Project

Information Gathering Methodology

  • What is Information Gathering
  • Find the Company’s URL and Geographical Location
  • Search for Contact Information, Email Addresses, and Telephone Numbers about company and Employees
  • Gather Company’s Infrastructure Details
  • Gather Competitive Intelligence

Vulnerability Analysis

  • What is Vulnerability Assessment?
  • Why Assessment?
  • Vulnerability Classification
  • Types of Vulnerability Assessment
  • Vulnerability Management Life Cycle
  • Comparing Approaches to Vulnerability Assessment

External Network Penetration Testing Methodology

  • External Intrusion Test and Analysis
  • Perform Information Gathering
  • Create Topological Map of the Network
  • Identify the Physical Location and OS of the Target Servers
  • Checking for Live Systems
  • Perform Port Scanning
  • Perform OS Fingerprint

Internal Network Penetration Testing Methodology

  • Why Internal Network Penetration Testing?
  • Internal Network
  • Perform Information Gathering
  • Scan the Network
  • Perform Enumeration
  • Sniff the Network
  • Attempt Replay, ARP Poisoning, Mac Flooding, DNS Poisoning Attacks

Firewall Penetration Testing Methodology

  • What is a Firewall?
  • What Does a Firewall Do?
  • Types of Firewalls
  • Firewall Policy
  • Build a Firewall Ruleset
  • Find the Information about Target
  • Locate the Firewall

IDS Penetration Testing Methodology

  • Introduction to Intrusion Detection System(IDS)
  • Types of IDS
  • Why IDS Penetration Testing?
  • Common Techniques Used to Evade IDS System
  • IDS Penetration Testing Steps
  • Test the IDS by Packet Flooding
  • Test the IDS for a Denial-of-Service(DoS) Attack

Web Application Penetration Testing Methodology

  • Introduction to Web Application
  • Web App Pen Testing Phases
  • Perform Web Spidering
  • Perform Service Discovery
  • Examine Source of the Available Pages
  • Test for Proxy Functionality
  • Test for Database Connectivity

SQL Penetration Testing Methodology

  • An Overview to SQL Injection
  • Types of SQL Injection
  • SQL Penetration Testing
  • Manual SQL Injection Penetration Testing
  • Automated SQL Injection System
  • SQL Injection Penetration Methodology

Database Penetration Testing Methodology

  • Sniffing Database-Related Traffic
  • Retrieving the Database Information Through a Vulnerable Web Application
  • Google Hacks
  • Database Penetration Testing Steps
  • Penetrating Oracle Database
  • Scanning Default and Non-Default Ports

Wireless Network Penetration Testing Methodology

  • Wireless Penetration Testing
  • Wireless Security threats
  • Wireless Penetration Testing Tools
  • Wireless Penetration Testing Steps
  • Introduction to RFID Security

Mobile Devices Penetration Testing Methodology

  • Why Mobile Device Penetration Testing?
  • Requirements for Mobile Device Penetration Testing
  • Mobile Penetration Testing Methodology
  • Communication Channel Penetration Testing
  • Server-side Infrastructure Pen Testing
  • Application Penetration Testing

Cloud Penetration Testing Methodology

  • Cloud Computing Security and Concerns
  • Security Risk Involved in Cloud Computing
  • Scope of Cloud Pen Testing
  • Steps to Conduct Cloud Pen Testing

Report Writing and Post Test Actions

  • Goal of the Penetration Testing Report
  • Examine Types of Pen Testing Reports
  • Analyse and Finalize the Report
  • Review and Finalise the Report
  • Sample Pen Testing Report Format