What You Will Learn!
- Learn to be a good pentester. This includes how to interview, how certifications come into play, and then exploring how to find the right company and/or engag
- Learn some of the common elements and practices of a pentester during the pre-engagement phase of an assessment. This includes learning what the customer want
- Learn about data security agreements, otherwise known as non-disclosure agreements(NDA), that are crucial to the pentesting process.
- Understand Statement of Work (SOW). The importance of the SOW, as well as looking at some of the common elements found in an SOW..
- Explore the options available to pentesters in the realm of popular pentesting platforms such as Kali, Parrot, and Black Arch.
Description
In this series, Daniel and Brad will take a look at what a Pentesting engagement looks like through the lens of Brad's experience as a Pentester. Here they will cover all the important and requisite activities from pre-engagement to delivering the final report. You'll see what it takes to properly pre-engage for an assessment, explore the necessary legal documents, scope the client's systems, build the right engagement toolkit, perform vulnerability assessment and exploitation, collaborate and document with team members, and create an effective report.
There are several pentesting platforms available in the market that can assist in conducting penetration testing and vulnerability assessments. These platforms provide a range of tools and functionalities to identify and exploit vulnerabilities in computer systems, networks, and applications
A typical penetration testing engagement consists of several stages or phases that help guide the assessment process. These stages ensure a systematic and comprehensive approach to identifying vulnerabilities and assessing the security posture of the target system. The specific names and order of the stages may vary depending on the methodology followed by the pentester or the organization conducting the assessment.
The course includes Blue Team pentesting, also known as defensive security testing or purple teaming, is a practice where a team of security professionals simulates real-world attacks on a company's systems and infrastructure to evaluate and improve the organization's defensive capabilities. Unlike traditional penetration testing (red teaming), which focuses on identifying vulnerabilities and exploiting them, blue team pentesting is centered around assessing and enhancing the effectiveness of an organization's security controls and incident response processes.
Who Should Attend!
- Organizations
- Security Teams
- Compliance and Audit Teams
- Managed Security Service Providers (MSSPs)
- Developers and DevOps Teams
- Executive Management