Vulnerability Assessment & Penetration Testing By: Michael Lassiter Jr.

Slides:



Advertisements
Similar presentations
Assessments, Audits, and Penetration Tests, Oh My Ira Winkler, CISSP
Advertisements

PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC.
Presenter: Robbie Corley Organization: KCTCS
Black, White, Grey Hat Hackers Not all hackers are bad…which one’s which?
1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.
Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.
Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.
About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Ethical Hacking Introduction.  What is Ethical Hacking?  Types of Ethical Hacking  Responsibilities of a ethical hacker  Customer Expectations  Skills.
Hands-On Ethical Hacking and Network Defense
Red Team “You keep using that word, I do not think it means what you think it means” – Inigo Montoya.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
SELECTING AND IMPLEMENTING VULNERABILITY SCANNER FOR FUN AND PROFIT by Tim Jett and Mike Townes.
Comp 8130 Presentation Security Testing Group Members: U Hui Chen U Ming Chen U Xiaobin Wang.
Our study’s purpose is to understand how groups and teams function in actual organizations. 2.
The Business of Penetration Testing
Web Application Testing with AppScan Terry Labach.
Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.
Computer Hacking By: Caleb Herring Katie Edom. What is Computer Hacking Computer Hacking is defined as one who uses programming skills to access, legally.
 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,
SEC835 Database and Web application security Information Security Architecture.
Job Development: Unlocking the Mystery of Job Placement Presented by: Debbie Wilkes ©Debbie Wilkes.
Pen testing to ensure your security
Information Systems Security Computer System Life Cycle Security.
 Computer security policy ◦ Defines the goals and elements of an organization's computer systems  Definition can be ◦ Highly formal ◦ Informal  Security.
Nata Raju Gurrapu Agenda What is Information and Security. Industry Standards Job Profiles Certifications Tips.
DYNAMIC VALIDITY PERIOD CALCULATION OF DIGITAL CERTIFICATES BASED ON AGGREGATED SECURITY ASSESSMENT By Alexander Beck Jens Graupmann Frank Ortmeier.
Penetration Test
Chapter 1 Ethical Hacking Overview. Objectives After reading this chapter and completing the exercises, you will be able to: Describe the role of an ethical.
CSCE 522 Secure Software Development Best Practices.
1 Security Penetration Testing Angela Davis Mrinmoy Ghosh ECE4112 – Internetwork Security Georgia Institute of Technology.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 6-1 Chapter Six Internal Control in a Financial Statement Audit.
What Can Go Wrong During a Pen-test? Effectively Engaging and Managing a Pen-test.
Presents Ethical Hacking For Inplant Training / Internship, please download the "Inplant training registration form" from our website.
Module 5 – Vulnerability Identification  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability Identification.
CSCE 201 Secure Software Development Best Practices.
Conduct A Strong Evaluation Soar to New Heights! 2013 National Equipment Finance Summit, Albuquerque, NM.
Ethical Hacking License to hack. OVERVIEW Ethical Hacking ? Why do ethical hackers hack? Ethical Hacking - Process Reporting Keeping It Legal.
Presents Ethical Hacking 1 For Inplant Training / Internship, please download the "Inplant training registration form" from our.
Web Security Introduction to Ethical Hacking, Ethics, and Legality.
Chapter 1 Ethical Hacking Overview. Hands-On Ethical Hacking and Network Defense2  Describe the role of an ethical hacker  Describe what you can do.
Chapter 9 Contract Considerations Contract Considerations C H A P T E R 9.
Disclaimer This presentation is intended only for use by Tulane University faculty, staff, and students. No copy or use of this presentation should occur.
Vulnerability Analysis Dr. X. Computer system Design Implementation Maintenance Operation.
CITA 352 Chapter 1 Ethical Hacking Overview. Introduction to Ethical Hacking Ethical hackers –Hired by companies to perform penetration tests Penetration.
Department of Computer Science Introduction to Information Security Chapter 7 Activity Security Assessment Semester 1.
CSCE 548 Secure Software Development Penetration Testing.
Hacking Techniques & Intrusion Detection
This section on vulnerability assessments includes the following topics:  Documentation review  Review of system logs, audit trails, and intrusion detection.
Defining your requirements for a successful security (and compliance
Topic 5 Penetration Testing 滲透測試
Seminar On Ethical Hacking Submitted To: Submitted By:
Security Testing Methods
Penetration Testing Karen Miller.
Vulnerability Assessments and Penetration Testing
NEED OF JAILBREAKING IN IOS PENETRATION TESTING
Unauthorized Access Risk Mitigation Techniques
Everything You Need To Know About Penetration Testing.
Myths About Web Application Security That You Need To Ignore.
Penetration Testing Computer Science and Software Engineering
Validating Your Information Security Program (ISP 3 of 3)
National Cyber Security
General Data Protection Regulation
Chris Romano Andrew Shepardson IA 456
Ethical Hacking ‘Ethical hacking’ is the branch of computer science that involves cybersecurity and preventing cyberattacks. Ethical hackers are not malicious.
Engineering Secure Software
Presentation transcript:

Vulnerability Assessment & Penetration Testing By: Michael Lassiter Jr.

VULNERABILITY ASSESSMENT & PEN TESTING Vulnerability Assessment Vulnerability Assessment: Is the assessment of a system to determine if it has vulnerabilities or weaknesses that need to be resolved or patched. Is also known as a security audit. Can be performed by one person or a team of vulnerability researchers or security engineers. Is often known as a flaw or weakness that could be exploited by an outside attacker or compromised by internal personnel. Is necessary because many organizations, companies, and health facilities are required to meet certain compliance. HIPPA regulations are important so that health facilities hire the services of pen testers in order to meet compliance with vulnerability assessment being a great portion of the service.

VULNERABILITY ASSESSMENT & PEN TESTING Vulnerability Assessment Tools Nessus is on of the most popular vulnerability scanning tools. It is a commercial product and many companies often desire an individual that is skilled with it. OpenVas, which is the older open-source version of Nessus, is still available. It comes pre-packaged with Linux distributions such as Kali Linux. Nexpose – The vulnerability scanner, which is by Rapid 7, is available and highly capable of scanning a system for vulnerabilities with accuracy. There are plenty of open-source tools available, so I suggest that you take time to try them in your virtual lab. Do not choose an active target under any circumstances without authorization. Always obey the law!

VULNERABILITY ASSESSMENT & PEN TESTING Vulnerability Assessment Key Points Vulnerability Assessments do not involve any steps to fix or apply patches to a system. The objective of a vulnerability assessment is to determine the vulnerabilities and report them to the client. The assessment must be requested and authorized by the client prior to the performance of the assessment. The laws and permission of the client are in place to protect the client and security engineer form liabilities and legal backlash.

VULNERABILITY ASSESSMENT & PEN TESTING Penetration Testing Penetration Testing includes the actual exploitation of the vulnerabilities that are discovered during the phases of the vulnerability assessment. It includes vulnerability assessment; however, vulnerability assessment does not include penetration testing. Rules of engagement (ROE) are signed and understood by both parties before the beginning of a penetration test. The ROE limits the penetration testers from touching targets that are not permitted by the client.

VULNERABILITY ASSESSMENT & PEN TESTING Penetration Testing – Black Box, Gray Box, and White Box Testing Penetration testing usually falls under three categories: Black Box, Gray Box, and White Box. Black Box does not include any knowledge of the structure of the system, so this type of testing simulates the approach of an outside attacker. Gray Box includes only a limited knowledge of the layout of the target. White Box testing occurs when a penetration tester has complete knowledge of the layout of the target(s).

VULNERABILITY ASSESSMENT & PEN TESTING Penetration Testing – Personal Experiences My personal experience in pen testing is primarily from a black box testing perspective. Black box testing will surely test your knowledge and training in penetration testing. If the penetration test requires a team, the success of the it is heavily dependent on the cohesion of the team. A strength in one can balance the weakness in another. Penetration testing is not about ramming a tool into the most fortified part of a system, but using it to exploit the overlooked weaknesses. During a pen test, my team had to request permission to touch additional system that were found. We then received permission. The rules of engagement are in place for a reason.

VULNERABILITY ASSESSMENT & PEN TESTING Conclusion The key difference between vulnerability assessment and penetration testing is the lack of exploitation in vulnerability assessment and the actual exploitation in penetration testing. Permission must be granted to carry out either or both of these operations. Obey the cybercrime laws and regulations at all times. There are many available tools, yet one should not simply rely on only one tool to fit every situation. To gain further experience and training; research OWASP, create virtual labs, and complete the training on Cybrary.

VULNERABILITY ASSESSMENT & PEN TESTING Michael Lassiter A special thank you to Michael Lassiter for his submissions to Cybrary. We appreciate every member and hope that you enjoy expanding your knowledge through the training and resources provided. Thank you for your continued support! - Cybrary Staff

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.