Penetration Testing Essential Concepts
o Computer Network Fundamentals
o TCP/IP protocol suite
o IP Addressing and port numbers
o Network Terminology
o Windows Security
o Unix/Linux Security
o Virtualization
o Web Server
o Application Development Frameworks and their Vulnerabilities
o Web APIs
o Working of Most Common Information Security Attacks
o Information Security Standards, Laws and Acts
Introduction to Penetration Testing and Methodologies
o What is Penetration Testing?
o ROI for Penetration Testing
o How Penetration Testing Differs from Ethical Hacking?
o Comparing Security Audit, Vulnerability Assessment, and Penetration Testing
o Types of Penetration Testing
o Penetration Testing: Cost and Comprehensiveness
o Selecting an Appropriate Testing Type
o Different Ways of Penetration Testing
o Selecting the Appropriate Way of Penetration Testing
o Common Areas of Penetration Testing
o Penetration Testing Process
o Penetration Testing Phases
o Penetration Testing Methodologies
o Need for a Methodology
o LPT Penetration Testing Methodology
o Penetration Testing Essentials
Penetration Testing Scoping and Engagement Methodology
o Penetration Testing: Pre-engagement Activities
o Pre-engagement Activities
o Request for Proposal (RFP)
o Preparing Response Requirements for Proposal Submission
o Setting the Rules of Engagement (ROE)
o Establishing communication lines: Identify the Details of the Key Contact
o Timeline
o Time/Location
o Frequency of meetings
o Time of Day
o Identify who can help you?
o ROE Document
o Handling Legal Issues in Penetration Testing Engagement
o Penetration Testing Contract
o Preparing for Test
Open-Source Intelligence (OSINT) Methodology
o OSINT Gathering Steps
o OSINT through Website Analysis
o OSINT Through DNS Interrogation
o Automating your OSINT Effort Using Tools/Frameworks/Scripts
Social Engineering Penetration Testing Methodology
o Social Engineering Penetration Testing
o Skills Required to Perform Social Engineering Pen Test
o Common Targets of Social Engineering Pen Test
o Do Remember: Before Social Engineering Pen Test
o Black Box or White Box?
o Social Engineering Penetration Testing Steps
o Social Engineering Penetration Testing using E-mail Attack Vector
o Social Engineering Penetration Testing using Telephone Attack Vector
o Social Engineering Penetration Testing using Physical Attack Vector
Network Penetration Testing Methodology - External
o Network Penetration Testing
o External vs. Internal Penetration Testing
o External Network Penetration Testing
o Internal Network Penetration Testing
o Network Penetration Testing Process
o White, Black or Grey-box Network Penetration Testing?
o External Network Penetration Testing Steps
o Port Scanning
o OS and Service Fingerprinting
o Vulnerability Research
o Exploit Verification
Network Penetration Testing Methodology - Internal
o Internal Network Penetration Testing
o Why Internal Network Penetration Testing?
o Internal Network Penetration Testing Steps
o Footprinting
o Network Scanning
o OS and Service Fingerprinting
o Enumeration
o Vulnerability Assessment
o Windows Exploitation
o Unix/Linux Exploitation
o Other Internal Network Exploitation Techniques
o Post Exploitation
Network Penetration Testing Methodology - Perimeter Devices
o Steps for Firewall Penetration Testing
o Steps for IDS Penetration Testing
o Steps for Router Penetration Testing
o Steps for Switch Penetration Testing
o Assessing Firewall Security Implementation
o Assessing Security of Switches
Web Application Penetration Testing Methodology
o White Box or Black Box?
o Web Application Penetration Testing
o Web Application Security Frame
o Security Frame vs. Vulnerabilities vs. Attacks
o Web Application Penetration Testing Steps
o Discover Web Application Default Content
o Discover Web Application Hidden Content
o Identify the Attack Surface Area
o Tests for XSS Vulnerabilities
o Tests for Parameter Tampering
o Tests for Weak Cryptography Vulnerabilities
o Tests for Client-Side Scripting Attack
o Tests for Broken Authentication and Authorization Vulnerabilities
o Tests for Broken Session Management Vulnerabilities
o Test for Web Services Security
o Tests for Business Logic Flaws
Database Penetration Testing Methodology
o Database Penetration Testing Steps
o Information Reconnaissance
o Database Enumeration: Oracle
o Database Enumeration: MS SQL Server
o Database Enumeration: MySQL
o Vulnerability and Exploit Research
o Database Exploitation: Oracle
o Database Exploitation: MS SQL Server
o Database Exploitation: MySQL
Wireless Penetration Testing Methodology
o Wireless Penetration Testing
o WLAN Penetration Testing Steps
o RFID Penetration Testing Steps
o NFC Penetration Testing Steps
o Mobile Device Penetration Testing Steps
o IoT Penetration Testing Steps
o Wireless Local Area Network (WLAN) Penetration Testing
o NFC Penetration Testing
o Mobile Device Penetration Testing
o IoT Penetration Testing
Cloud Penetration Testing Methodology
o Distribution of Public Cloud Services: AWS, Azure, Google Clouds Are on TOP Among Others
o Cloud Computing Security and Concerns
o Security Risks Involved in Cloud Computing
o Role of Penetration Testing in Cloud Computing
o Do Remember: Cloud Penetration Testing
o Scope of Cloud Pen Testing
o Cloud Penetration Limitations
o Cloud Specific Penetration Testing
o Cloud Reconnaissance
o Identify the Type of Cloud to be Tested
o Identify What Is to Be Tested in Cloud Environment
o Identify the Tools for Penetration Test
o Identify What Is Allowed to Be Tested in Cloud Environment
o Identify Which Tests are Prohibited
o AWS’s Provision for Penetration Testing
o Azure’s Provision for Penetration Testing
o Google Cloud’s Provision for Penetration Testing
o Identify Date and Time for Penetration Test
o Cloud Specific Penetration Testing
o Recommendations for Cloud Testing
Report Writing and Post Testing Actions
o Penetration Testing Deliverables
o Goal of the Penetration Testing Report
o Types of Pen Test Reports
o Characteristics of a Good Pen Testing Report
o Writing the Final Report
o Document Properties/Version History
o Table of Contents/Final Report
o Summary of Execution
o Scope of the Project
o Evaluation Purpose/System Description
o Assumptions/Timeline
o Summary of Evaluation, Findings, and Recommendations
o Methodologies
o Planning
o Exploitation
o Reporting
o Comprehensive Technical Report
o Result Analysis
o Recommendations
o Appendices
o Sample Appendix
o Penetration Testing Report Analysis
o Report on Penetration Testing
o Pen Test Team Meeting
o Research Analysis
o Pen Test Findings
o Rating Findings
o Analyze
o Prioritize Recommendations
o Delivering Penetration Testing Report
o Cleanup and Restoration
o Report Retention
o Post-testing Actions for Organizations