Penetration Testing Computer Science and Software Engineering


1 Penetration Testing Computer Science and Software Engineering
© 2014 Project Lead The Way, Inc.

2 Ethics
Ethical users only access data and computer resources that they are authorized to access. Computing professionals sometimes need to access other people's data and resources. This is ethical under certain circumstances but requires written authorization from the owner. Who is the owner of your data? Note that you do not own your data as a student, customer, or employee in many cases!

3 Penetration Testing
Professional pen-testers access data and resources that are not theirs. They need written permission from the owners. White-hat pen-testers have permission, and employees know about their work. Gray-hat pen-testers have permission, but IT employees do not know about them. Black-hat pen-testers do not have permission. They are behaving unethically and illegally.
White-hat pen-testers are hired by the owner of data or computing resources to break in, to reveal weaknesses, and to recommend ways to repair vulnerabilities. Gray-hat pen-testers are also hired by the owners of the resources, but without the knowledge of the company's IT professionals. Gray-hat pen-testers conduct drills to see whether a company's IT staff will detect and prevent the intrusion. Black-hat pen-testers are unethical hackers. Once a person has been caught once as a black-hat hacker, no matter how minor, they are prohibited from work as a pen-tester because it is too risky to trust them.

4 Professional Opportunities
Many companies are required by law to contract penetration testers to evaluate their computer systems annually to protect consumers. If you are interested in pen-testing, seek only ethical opportunities to learn about the profession! Most 2- and 4-year colleges offer programs of study in cybersecurity. High school competitions are a great start!

5 User Privileges
Many operating systems identify read, write, and execute privileges for each file and directory. A directory listing in Unix-like systems shows this information with ls -la.
[Figure: directory listing with callouts "The owner" and "The group".]
This file is owned by the user "ron". There is also a group named "ron". In Unix, each user has a group they can add other people to in order to share files for reading or writing. The National Security Administration developed SELinux (Security-Enhanced Linux), which allows the system administrator to assign permissions based on roles, similar to groups.

6 User Privileges
Many operating systems identify read, write, and execute privileges for each file. Permissions for the owner: The user "ron" can read this file/directory, write (edit, delete) this file/directory, and execute this file/directory. For a directory, "read" means see the filenames inside the directory and "execute" means change directories into it.

7 User Privileges
Many operating systems identify read, write, and execute privileges for each file. Permissions for the group: The users in the group (which is also called "ron") can read or execute this file/directory, but they cannot write to this file/directory.

8 User Privileges
Many operating systems identify read, write, and execute privileges for each file. Permissions for the other users: Any other user on this Linux machine can execute this file/directory, but they cannot read or write to it.

9 Privileges of Software
Software also runs with specific privileges to read, write, and execute data. Some software runs with more privileges than the user who executes it. Windows uses User Account Control, which prompts the user to confirm they want to grant privileges to software. Think before you say OK!

10 Escalation of Privileges
Software also runs with specific privileges to read, write, and execute data. Some software runs with elevated privileges, more than the user who executes it. Escalation of privileges: If a hacker gets in, the hacker can gain more privileges using software with elevated privileges.

11 Example: Set-User-ID Permission
Other users are allowed to execute the program listed below. While running, this program has permission to do anything the program's owner is allowed to do.
[Figure: file listing with callout "Set-user-ID permission".]
This file has an "s" where you would expect to see an "x" for execute. This is a special permission for this file called "set user ID". When the file Marro is executed, it will have all the privileges of the user "pentest," including reading, writing, and executing other files that the user "pentest" is allowed to read, write, or execute.
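The permission slides and the set-user-ID slide above, worked through as an added example (not part of the original presentation): it decodes an ls -la mode string into owner, group, and other privileges, and audits a directory for set-user-ID files. The mode strings are constructed from the slides' descriptions because the screenshots are not in the transcript; the function names and the temporary directory are assumptions.

```python
import os
import stat
import tempfile

def explain_mode(mode_str):
    """Decode a 10-character ls -la mode string such as '-rwxr-x--x'."""
    if len(mode_str) != 10:
        raise ValueError("expected 10 characters, e.g. -rwxr-x--x")
    kinds = {"-": "file", "d": "directory", "l": "symlink"}
    result = {"type": kinds.get(mode_str[0], "other")}
    for i, who in enumerate(("owner", "group", "other")):
        r, w, x = mode_str[1 + 3 * i: 4 + 3 * i]
        result[who] = {
            "read": r == "r",
            "write": w == "w",
            # lowercase s or t: execute is set together with a special bit;
            # uppercase S or T: the special bit is set but execute is not
            "execute": x in ("x", "s", "t"),
        }
    # 's' or 'S' in the owner's execute slot marks set-user-ID
    result["setuid"] = mode_str[3] in ("s", "S")
    return result

def find_setuid(root):
    """Return (path, owner_uid) for every regular set-user-ID file under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # unreadable or vanished entry
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                hits.append((path, st.st_uid))
    return sorted(hits)

def demo():
    """Constructed sample: a throwaway directory with one set-user-ID file."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("plain", 0o751), ("Marro", 0o4751)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return [(os.path.basename(p), stat.filemode(os.lstat(p).st_mode))
                for p, _uid in find_setuid(root)]
```

Running find_setuid over system directories and comparing the result against a known-good baseline is how unexpected set-user-ID files get noticed.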

