Security Testing Essential Training

English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 3h 26m | 593 MB

Is your organization secure? In order to answer this question confidently, you need to perform testing to prove that it is indeed secure. However, not all security testing is the same. A risk assessment is not a vulnerability assessment; a penetration test won’t measure compliance. For a successful career, a security analyst needs to understand the many different types of security testing and know when and how to implement them. This course with security architect Jerod Brennen provides the resources you need to set up a testing environment, plan assessments, identify targets, and begin executing security tests. Jerod also helps you analyze test results and draft a report of your findings. Plus, see popular testing framework tools in action, including Nmap, Nessus, Wireshark, Lynis, OWASP ZAP, Aircrack-ng, and hashcat, as run on a Kali Linux virtual machine.

Table of Contents

Introduction
1 The importance of security testing
2 What you should know

Understanding Security Assessments
3 Language is important
4 Risk assessments
5 Calculating risk score
6 Security controls assessments
7 NIST and ISO
8 Compliance assessments
9 Vulnerability assessments
10 Penetration tests
11 Goals of a pen test
12 The security assessment lifecycle

Your Testing Environment
13 The security tester’s toolkit
14 Kali Linux
15 Nmap
16 Nessus
17 Wireshark
18 Lynis
19 CIS-CAT Lite
20 Aircrack-ng
21 Hashcat
22 OWASP ZAP
23 OWASP ZAP demo

Planning Your Assessment
24 Understanding your scope
25 Improving over time
26 Selecting your methodology
27 Selecting your tools
28 Basic assessment tools
29 Advanced assessment tools

Review Techniques
30 Documentation review
31 Log review
32 Log management tools
33 Ruleset review
34 System configuration review
35 CIS-CAT demo
36 Network sniffing
37 Wireshark demo
38 File integrity checking

Identifying Your Targets
39 Network discovery
40 Open-source intelligence
41 Network port and service identification
42 Nmap demo
43 Vulnerability scanning
44 Determining severity
45 Nessus demo
46 Wireless scanning
47 Wireless testing process
48 Aircrack-ng demo

Vulnerability Validation
49 Password cracking
50 Hashcat demo
51 Penetration test planning
52 Penetration test tools
53 Penetration test techniques
54 Social engineering
55 SET demo

Additional Considerations
56 Coordinating your assessments
57 Data analysis
58 Providing context
59 Data handling
60 Drafting your report
61 Delivering your report

Conclusion
62 Next steps
63 Additional resources