I have another Pluralsight course published. Still focusing on penetration testing, I was asked to create a high-level overview course on the subject. Penetration Testing: The Big Picture was published on October 6, 2017 and looks at a wide variety of topics on penetration testing.
The focus in this course is to present information about pen testing that would be useful to those interested in learning more about it as a career option or training direction. It can also be useful for individuals and organizations interested in hiring pen testers or organizations seeking pen testing services.
This course is more of an overview than my first course, Introduction to Penetration Testing Using Metasploit.
As more businesses create, collect, and manage large volumes of customer data and provide access to that data through mobile apps, the Web, and IoT devices, there are more opportunities for that data to be compromised and stolen by nefarious individuals, criminal groups, and even governments. Organizations are struggling to improve the accessibility to and increase the value of their intellectual property while simultaneously protecting it from unauthorized exposure. As news in the past few years has shown, this is a significant challenge and many organizations lost control over their customers’ data and their own intellectual property. Penetration testing is one technique that organizations use to find and correct weaknesses in their network and systems before someone else does. First, you will learn how penetration testing serves as a key component in an organization’s information security management program. Next, you will learn about the penetration testing process and techniques used to discover and exploit vulnerabilities. Finally, you will have a good understanding of the software tools, certifications, and other courses that can help you build your technical skills. When you finish this course, you will have the knowledge of how penetration testing is used to improve the security of a network and the techniques and tools used to conduct the testing.
Table of Contents
- Course Overview
- The Role of Penetration Testing in Security Testing
- Penetration Tests
- Penetration Testing Execution Standard (PTES)
- Penetration Testers and Their Tools
Why Another Penetration Testing Course?
Most pen testing courses that I have reviewed focus on specific tools or a very narrow aspect of penetration testing. This course is intended to provide a wide overview of penetration testing, showing how it is a part of security testing and how that applies to an organization’s information security management program. We also dive into the various types of tests, from network-focused testing to social engineering and up to physical testing (i.e. red teams).
Why the Penetration Testing Execution Standard?
This may be a little more controversial. However, there isn’t a formal standard on penetration testing. There are several documents describing pen testing in standards such as the PCI-DSS and NIST Special Publication 800-115. The Penetration Testing Execution Standard (or PTES) is an informal document, or more accurately a wiki page, that describes a lot of the aspects of a consulting engagement from starting the business relationship to the actual testing phases and final reporting. The PTES serves as a living document that can change over time as the field changes.
The PTES certainly needs some work in terms of organization of topics and editing. However, it serves as a good foundational document for the field to build on.