Penetration Testing Life Cycle Explained

It's becoming more and more essential to understand what a penetration tester does for a business. This course will walk you through the key steps taken by a penetration tester.
Course info
Rating
(16)
Level
Beginner
Updated
Jun 22, 2017
Duration
1h 38m
Description

Are you worried about vulnerabilities facing your business, network, or home? In this course, Penetration Testing Life Cycle Explained, you'll develop an understanding of the ins and outs of penetration testing. First, you'll get a basic overview of the penetration testing life cycle, from getting the documentation ready to the legal aspects. Next, you'll explore the specific phases of penetration testing, including planning, discovery, and enumeration. Finally, you'll learn valuable tools and resources to aid in being a successful and correct penetration tester. By the end of this course, you'll have the necessary knowledge to embark on a deeper dive into penetration testing.

About the author

Angelique started playing around with system security at a very young age. Today, she has devoted herself to cyber security and to joining the fight against cybercrime. She is a mother of two, gamer, geek, and wife who loves spending time with her boys, robots, and computers. She gives local community talks on how to keep yourself digitally safe, works as a security analyst, and does classroom training to build a force of penetration testers and security professionals.

Section Introduction Transcripts

Phase 1: Planning
Hello, Angelique again, and welcome back. I suppose every one of you is like me where we love getting our hands into the practical stuff, and don't really worry too much about the admin, but admin in this case will be our best friend, and the better the admin, the better the hack, so let's start. In this module, we're going to have a look at why the planning phase is so important, what the planning phase consists of, and well, what paper you'll need in order to do the job right. The planning phase consists of the company background, everything that's going on in the company, and what they do, and why you're going to be testing, the objectives and scopes, what exactly you're going to test, and what is going to be left out of the test, the exclusions and constraints, why something won't be tested and reasons for that, how long the company is going to be down, and well, which department or area within the business will be affected, how exactly are we going to be approaching our hack, and well, also listing what we've done, exactly what we found when we performed our pen test, and well last, but not least, putting everything together into a metrics. Well I like saying that planning is sort of like, I don't know, playing a game. You first need to build the strengths and skills of the character in order to defeat the bad guy. The same principle applies here. For you to actually execute a pen test, you need to know exactly what, where, how, and why, and all of those are what's happening within the planning phase. So, let's start building our character in order to defeat the villain. For the demo, I have added a document at the end of this video. You can take the time now, download the document so that we can follow it, and see you in a bit.

Phase 2: Discovery
Hello, welcome back. I'm Angelique Keyter, and thank you for joining me in the next series called the Discovery Phase. If you're joining me for the first time, I suggest you go back to view the other modules, so that you can follow us in sequence. In this presentation, we're going to start digging for some gold, but in order to find gold, we sort of need to know where to look. So we're going to start with the passive objectives or passive reconnaissance. The tools we will look at is Google Dorks, so please go and visit www.exploit-db.com. We're going to play with the whois. We're going to go and type a couple of commands in nslookup, and lastly we're going to check out whether or not our targets, in this case, is using IIS or Apache. So, guys, keep it clean, and I'll see you in a bit.