book

Penetration Testing

by James Hayes, Nick Furneaux, Jims Marchang, Rob Ellis, Jason Charalambous, Moinuddin Zaki, Peter Taylor, Roderick Douglas, Felix Ryan, Ceri Charlton, Gemma Moore, Tylor Robinson, Sharif Gardner

September 2019

Intermediate to advanced

150 pages

6h 1m

English

BCS, The Chartered Institute for IT

Read now

Unlock full access

How does this affect my organisation?Why carry out a penetration test?Penetration tests won’t always stop you being hackedStaying current with emerging risksWhy all managers should be interested in security…Impact on the organisation of not penetration testingSummaryReferences
Understanding what penetration testing will achieveDelivering maximum value from penetration testingPenetration testing as part of a holistic information security programmeRisk assessments and relevance to live-system lifecyclesSummaryReferences
Governance and regulatory compliance overviewRegulatory and legal preparatory considerationsSectors and compliance standardsSummaryReferences
Adding penetration testing to an existing enterprise information security strategyPreparation and planningAlignment of policies and procedures with the changing nature of threatsAwareness raising and notificationOther factors for considerationSummary
How penetration test programmes should be informed by defined outcomesThreat intelligence-led penetration testingNext steps?SummaryReference
Defining the scope of penetration testsMapping of assetsSummaryReferences
Penetration test coverage and structureSimulating the threatSummaryReferences
In-house penetration testing compared with third-party penetration testingHybrid approachesSummaryReferences
An overview of the penetration testing service provider marketTest provider capabilitiesWorking relationships with testersReview and ‘rotation’ of test providersTest consentsCommercial and technical relationshipsUnderstanding and using test resultsSummaryReferences
ContextAssessing the most appropriate penetration testing tools and techniques for the programmeSummaryReferences
What is meant by ‘best practice’ and ‘good practice’?Building on the tester’s experiencePenetration testing methodologiesDocumentation before, during and after a penetration testPenetration tester travel and being away from homeTest teams versus individual testersThe client being involved in the testHealth and safetySummaryReference
Purpose of reportingDistributing report content to the relevant audienceCoverage of reportingSummary
On debriefsInterpreting reports and circulating key findingsIntegrating reporting into bug trackers, ticket managers and management toolsUnderstanding the full implications of vulnerabilitiesSummary
Interpreting resultsEstablishing a structured remediation planPenetration test timingsSummary

Content preview from Penetration Testing

FOREWORD

In the last few years, we have experienced cyber-crime on a scale never seen before and an unprecedented increase in threat actors. It has been a wake-up call for all businesses and organisations to take cyber security seriously and discover where their weaknesses lie and how to fix them before someone else finds and exploits them. The best way to do this is to simulate malicious attacks – the art of penetration testing. While penetration testing has traditionally been associated with government organisations and large financial institutions and corporations, it is now commonplace among medium sized companies, NGOs and the wider public and private sector.

That’s why this book is so important. Penetration testing is extremely sensitive, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781780174082Publisher Website

Penetration Testing

by James Hayes, Nick Furneaux, Jims Marchang, Rob Ellis, Jason Charalambous, Moinuddin Zaki, Peter Taylor, Roderick Douglas, Felix Ryan, Ceri Charlton, Gemma Moore, Tylor Robinson, Sharif Gardner

FOREWORD

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like