book

Penetration Testing

by James Hayes, Nick Furneaux, Jims Marchang, Rob Ellis, Jason Charalambous, Moinuddin Zaki, Peter Taylor, Roderick Douglas, Felix Ryan, Ceri Charlton, Gemma Moore, Tylor Robinson, Sharif Gardner

September 2019

Intermediate to advanced

150 pages

6h 1m

English

BCS, The Chartered Institute for IT

Read now

Unlock full access

How does this affect my organisation?Why carry out a penetration test?Penetration tests won’t always stop you being hackedStaying current with emerging risksWhy all managers should be interested in security…Impact on the organisation of not penetration testingSummaryReferences
Understanding what penetration testing will achieveDelivering maximum value from penetration testingPenetration testing as part of a holistic information security programmeRisk assessments and relevance to live-system lifecyclesSummaryReferences
Governance and regulatory compliance overviewRegulatory and legal preparatory considerationsSectors and compliance standardsSummaryReferences
Adding penetration testing to an existing enterprise information security strategyPreparation and planningAlignment of policies and procedures with the changing nature of threatsAwareness raising and notificationOther factors for considerationSummary
How penetration test programmes should be informed by defined outcomesThreat intelligence-led penetration testingNext steps?SummaryReference
Defining the scope of penetration testsMapping of assetsSummaryReferences
Penetration test coverage and structureSimulating the threatSummaryReferences
In-house penetration testing compared with third-party penetration testingHybrid approachesSummaryReferences
An overview of the penetration testing service provider marketTest provider capabilitiesWorking relationships with testersReview and ‘rotation’ of test providersTest consentsCommercial and technical relationshipsUnderstanding and using test resultsSummaryReferences
ContextAssessing the most appropriate penetration testing tools and techniques for the programmeSummaryReferences
What is meant by ‘best practice’ and ‘good practice’?Building on the tester’s experiencePenetration testing methodologiesDocumentation before, during and after a penetration testPenetration tester travel and being away from homeTest teams versus individual testersThe client being involved in the testHealth and safetySummaryReference
Purpose of reportingDistributing report content to the relevant audienceCoverage of reportingSummary
On debriefsInterpreting reports and circulating key findingsIntegrating reporting into bug trackers, ticket managers and management toolsUnderstanding the full implications of vulnerabilitiesSummary
Interpreting resultsEstablishing a structured remediation planPenetration test timingsSummary

Content preview from Penetration Testing

6 SCOPING A PENETRATION TEST

Jims Marchang and Roderick Douglas

This chapter considers the scope of a penetration test. The scope will determine which systems should be tested, when and how they may be subjected to tests and any limitations such as systems or networks specifically included or excluded from testing. A clear understanding of the scope of a test is vital both for the organisation being tested and for the tester. Organisations should have a solid idea of which systems and networks they would like to be tested, and what access or information the tester needs to be given in order to complete the penetration testing. Testers need to know what access they have been granted, which tests they are required to perform and any systems or ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781780174082Publisher Website

Penetration Testing

by James Hayes, Nick Furneaux, Jims Marchang, Rob Ellis, Jason Charalambous, Moinuddin Zaki, Peter Taylor, Roderick Douglas, Felix Ryan, Ceri Charlton, Gemma Moore, Tylor Robinson, Sharif Gardner

6 SCOPING A PENETRATION TEST

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like