Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chris Romano Andrew Shepardson IA 456

Published byChristine Bond Modified over 6 years ago

Similar presentations

Presentation on theme: "Chris Romano Andrew Shepardson IA 456"— Presentation transcript:

1 Chris Romano Andrew Shepardson IA 456
Penetration Tests Chris Romano Andrew Shepardson IA 456

2 Pen-Test?

3 Vulnerability Assessment == Find
Differences Vulnerability Assessment == Find  Penetration Test == Exploit 

4 Pen-Test? Evaluating a system’s security infrastructure by trying to exploit vulnerabilities A set goal to be reached  Started by the DoD in mid-1960’s One component of a full security audit

5 Do I need a Pen-Test? Find entry points before an attacker does
Test development environments Compliance

6 What’s Vulnerable?

7 Everything

8 The Steps Obtain information Conduct Identify & Confirm Address
Exposures

9 Types of Pen Tests External: outside attacker
Internal: inside attacker Blind: tester only given name of organization Double Blind: 1-2 individuals aware of testing Targeted: tester + security team work together

10 Should I be assessed? Avoid Breaches Compliance Improve policies

11 Testing Tools

12 Scanning Tools

13 Basic Pen Testing Example

14 How to get involved

Download ppt "Chris Romano Andrew Shepardson IA 456"

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
PhoenixPro Procurement. technology. contracts. projects.

PhoenixPro Procurement. technology. contracts. projects.
Institutional Insurance: Creating a Comprehensive Campus-wide IT Security Risk Management Program Brian Davis IT Security & Policy Office of Information.

Institutional Insurance: Creating a Comprehensive Campus-wide IT Security Risk Management Program Brian Davis IT Security & Policy Office of Information.
Protection of Information Assets I. Joko Dewanto 1.

Protection of Information Assets I. Joko Dewanto 1.
SECURITY EVALUATION OF AN ORGANIZATION TA Md Morshedul Islam.

SECURITY EVALUATION OF AN ORGANIZATION TA Md Morshedul Islam.
Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.

Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Ethical Hacking Introduction.  What is Ethical Hacking?  Types of Ethical Hacking  Responsibilities of a ethical hacker  Customer Expectations  Skills.

Ethical Hacking Introduction.  What is Ethical Hacking?  Types of Ethical Hacking  Responsibilities of a ethical hacker  Customer Expectations  Skills.
Increase Information Assurance Awareness through Secure Operations/Management Training and Certification Percent Trained & Certified Goal = 100% Percentage.

Increase Information Assurance Awareness through Secure Operations/Management Training and Certification Percent Trained & Certified Goal = 100% Percentage.
August 9, 2005UCCSC Converting Policy to Reality Building Campus Security Programs Karl Heins -- Director of IT Audit Services Office of the University.

August 9, 2005UCCSC Converting Policy to Reality Building Campus Security Programs Karl Heins -- Director of IT Audit Services Office of the University.
Vulnerability Assessment & Penetration Testing By: Michael Lassiter Jr.

Vulnerability Assessment & Penetration Testing By: Michael Lassiter Jr.
Security Posture Assessment (SPA) Headquarters: Ofisgate Sdn Bhd (610820-A), 2-15 Jalan Jalil Perkasa 13 Aked Esplanad, Bukit Jalil, 57000 Kuala Lumpur,

Security Posture Assessment (SPA) Headquarters: Ofisgate Sdn Bhd ( A), 2-15 Jalan Jalil Perkasa 13 Aked Esplanad, Bukit Jalil, Kuala Lumpur,
Vulnerability Assessment Course Terms, Methodology, Preparation, Obstacles, and Pitfalls.

Vulnerability Assessment Course Terms, Methodology, Preparation, Obstacles, and Pitfalls.
VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.

VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.
Introduction to Network Defense

Introduction to Network Defense
Sam Cook April 18, 2013. Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.

Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.
Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.

Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.
CMGT400 Intro to Information Assurance and Security (University of Phoenix) Lecture, Week 4 Tom Olzak, MBA, CISSP.

CMGT400 Intro to Information Assurance and Security (University of Phoenix) Lecture, Week 4 Tom Olzak, MBA, CISSP.
 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,

 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,

Similar presentations

Ads by Google