Penetration tests are authorized simulated attacks on a computer system, performed to evaluate the security of the system.
Discover how penetration testing exposes weaknesses in security. During this course, you will learn all about the CompTIA PenTest+ exam. Begin by getting to know your audience and the rules of engagement for penetration tests. Next, compare resources, requirements, and budgets. Observe how to conduct an impact analysis and trace remediation timelines. Learn how to review disclaimers, confirm engagement support resources, consider technical constraints, and examine contracts and agreements, such as statements of work. Evaluate environmental differences between clients. Finally, learn why it is important to get written authorization, instead of an oral agreement, before the execution of a penetration test.
How far does a security test need to go? This course also shows you how to set the scope of a security penetration test. Begin by identifying security assessment types, how to select security targets, and how to determine the testing scope strategy. Next, you will determine who tests the security and learn how to confirm their test methods. Discover how to review the test outcome to determine the level of acceptable risks, risk impacts, and risk treatments. Learn how to avoid scope creep with clients, and identify threat actors and agents. Conclude by aligning tests to regulations and standards, such as PCI DSS, FISMA, MARS-E, HIPAA, SOX, and ISO.
Discover how to gather information and perform white hat reconnaissance through scanning, enumeration, fingerprinting, and eavesdropping. This course can be used as part of the preparation for the PT0-001: CompTIA PenTest+ certification exam. Among the topics covered, you will explore how to leverage data to prepare for exploitation. Learn about packet crafting, packet and certificate inspection, decompilation, debugging, open-source intelligence collection, and how to map and prioritize potential intruders. Identify common attack techniques. Conclude with an exercise to name five of the OWASP Top 10 for 2017, list five certificate inspection issues and common enumeration types, and list three UNIX/Linux enumeration tools.