book

Penetration Testing

by James Hayes, Nick Furneaux, Jims Marchang, Rob Ellis, Jason Charalambous, Moinuddin Zaki, Peter Taylor, Roderick Douglas, Felix Ryan, Ceri Charlton, Gemma Moore, Tylor Robinson, Sharif Gardner

September 2019

Intermediate to advanced

150 pages

6h 1m

English

BCS, The Chartered Institute for IT

Read now

Unlock full access

How does this affect my organisation?Why carry out a penetration test?Penetration tests won’t always stop you being hackedStaying current with emerging risksWhy all managers should be interested in security…Impact on the organisation of not penetration testingSummaryReferences
Understanding what penetration testing will achieveDelivering maximum value from penetration testingPenetration testing as part of a holistic information security programmeRisk assessments and relevance to live-system lifecyclesSummaryReferences
Governance and regulatory compliance overviewRegulatory and legal preparatory considerationsSectors and compliance standardsSummaryReferences
Adding penetration testing to an existing enterprise information security strategyPreparation and planningAlignment of policies and procedures with the changing nature of threatsAwareness raising and notificationOther factors for considerationSummary
How penetration test programmes should be informed by defined outcomesThreat intelligence-led penetration testingNext steps?SummaryReference
Defining the scope of penetration testsMapping of assetsSummaryReferences
Penetration test coverage and structureSimulating the threatSummaryReferences
In-house penetration testing compared with third-party penetration testingHybrid approachesSummaryReferences
An overview of the penetration testing service provider marketTest provider capabilitiesWorking relationships with testersReview and ‘rotation’ of test providersTest consentsCommercial and technical relationshipsUnderstanding and using test resultsSummaryReferences
ContextAssessing the most appropriate penetration testing tools and techniques for the programmeSummaryReferences
What is meant by ‘best practice’ and ‘good practice’?Building on the tester’s experiencePenetration testing methodologiesDocumentation before, during and after a penetration testPenetration tester travel and being away from homeTest teams versus individual testersThe client being involved in the testHealth and safetySummaryReference
Purpose of reportingDistributing report content to the relevant audienceCoverage of reportingSummary
On debriefsInterpreting reports and circulating key findingsIntegrating reporting into bug trackers, ticket managers and management toolsUnderstanding the full implications of vulnerabilitiesSummary
Interpreting resultsEstablishing a structured remediation planPenetration test timingsSummary

Content preview from Penetration Testing

GLOSSARY

Attack vector: An entry route into a system.

Black-box testing: Implies the tester has no knowledge of the system under test.

Compliance standards: The framework of requirements set out by government, regulatory bodies and other organisations.

Cyber attack: A modern colloquial term meaning the accessing, or blocking, of a digital asset such as a computer, device or an entire network by a person or group, without permission of the owner.

Fingerprinting: The act of gathering certain attributes of a computer or person and drawing conclusions from that data to help make an attack more successful. Also known as ‘profiling’.

Grey-box testing: Provides the tester with some internal knowledge of the system under test.

Hacker: A technically skilled ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781780174082Publisher Website

Penetration Testing

by James Hayes, Nick Furneaux, Jims Marchang, Rob Ellis, Jason Charalambous, Moinuddin Zaki, Peter Taylor, Roderick Douglas, Felix Ryan, Ceri Charlton, Gemma Moore, Tylor Robinson, Sharif Gardner

GLOSSARY

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like