Course Description
In this intensive hands-on course, you will learn how to detect, assess, and exploit numerous CyberSecurity vulnerabilities that stem from improper software configuration, software inconsistencies, and design flaws within an overall network infrastructure and applications. You will also examine useful methods for uncovering wired and wireless network backdoors. Working through a series of hands-on exercises, you will discover the most common CyberSecurity mistakes made by vendors, administrators, and users, and master proven tactics for thwarting them.
You will discover methods for locating and confirming frequently exploited Web and other TCP/IP application vulnerabilities. You will get proven tips on building a powerful CyberSecurity testing tool kit using both freeware and commercial tool alternatives that will let you test for frequently exploited TCP/IP network and computing platform-specific security vulnerabilities. In addition, you will review a detailed analysis of a wide array of CyberSecurity testing tools for use on both Windows and Linux workstations.
Learning Objectives
- Identify the key incremental phases and deliverables in vulnerability and penetration testing
- Understand the importance of clear definition and communication of the “Rules of Engagement” for all parties involved
- Assess the risks, strengths, and weaknesses in different categories of testing tools
- Learn how to develop and use advanced CyberAudit software techniques to increase audit coverage
Course Outline
Developing a Network CyberSecurity Testing Plan
- Delineating between CyberSecurity vulnerability testing and penetration testing
- Sources and cautions for CyberSecurity vulnerability and threat alerts…and tools
- Defining a vulnerability and penetration testing methodology
- Guidelines for conducting the tests: “Rules of Engagement”
- Building an economical portable vulnerability testing toolkit, including cloud-based tools
Using CyberSecurity Reconnaissance, Discovery, and Enumeration Tools and Techniques
- Network recon, discovery, and enumeration CyberAudit objectives
- Discovering and leveraging public information about a target organization
- Wired and wireless network host discovery and application enumeration: port scanning, SNMP probes, wireless scanners and crackers
Using CyberSecurity Vulnerability Scanning and Exploit Tools
- CyberAudit vulnerability scanning objectives
- Configuring, running, and interpreting the results of vulnerability scanners
- sing exploit consoles and individual scripts and commands to exploit detected weaknesses in common TCP/IP network applications
U
Using Web Application CyberSecurity Scanning and Exploitation Tools
- Understanding the operation and weaknesses of the HTTP protocol
- Deploying web testing and exploit tools
Additional Information
Who Should Attend
IT Auditors
Information Security Managers, Analysts, and Architects
IT Management
System Administrators
Network Engineers
Consultants
Learning Level
Advanced
Delivery
Group-Live
Field
Auditing
Advanced Preparation
None
Recommended Prerequisites
Simplifying Audits of Network CyberSecurity (CY10) or equivalent training. Familiarity with TCP/IP concepts and terminology, including the use of basic network software utilities found in Windows and/or Unix, is assumed.
Session Duration
On Site: 4 days
CPE Credits: 32