Hugendubel.info - The B2B online bookshop

Pen Testing from Contract to Report

Wiley, published 1 July 2024
Protect your system or web application with this accessible guide
Penetration tests, also known as 'pen tests', are a means of assessing the security of a computer system by simulating a cyber-attack. These tests can be an essential tool in detecting exploitable vulnerabilities in a computer system or web application, averting potential user data breaches, privacy violations, losses of system function, and more. With system security an increasingly fundamental part of a connected world, it has never been more important that cyber professionals understand the pen test and its potential applications.
Pen Testing from Contract to Report offers a step-by-step overview of the subject. Built around a new concept called the Penetration Testing Life Cycle, it breaks the process into phases, guiding the reader through each phase and its potential to expose and address system vulnerabilities. The result is an essential tool in the ongoing fight against harmful system intrusions.
In Pen Testing from Contract to Report readers will also find:
Content mapped to certification exams such as the CompTIA PenTest+
Detailed techniques for evading intrusion detection systems, firewalls, honeypots, and more
Accompanying software designed to enable the reader to practice the concepts outlined, as well as end-of-chapter questions and case studies

Pen Testing from Contract to Report is ideal for any cyber security professional or advanced student of cyber security.


Alfred Basta, PhD, CCP (CMMC), CISM, CPENT, LPT, OSCP, PMP, CRTO, CHPSE, CRISC, CISA, CGEIT, CASP+, CYSA+, is a professor of mathematics, cryptography, and information security as well as a professional speaker on internet security, networking, and cryptography. He is a member of many associations, including ISACA, ECE, and the Mathematical Association of America. Dr. Basta's other publications include Computer Security and Penetration Testing, Mathematics for Information Technology, Linux Operations and Administration, and Database Security. In addition, Dr. Basta is the chair of EC-Council's CPENT Scheme Committee. He has worked as a faculty member and curriculum advisor for programming and cyber security programs at numerous colleges and universities.

Nadine Basta, MSc., CEH, is a professor of computer science, cybersecurity, mathematics, and information technology. Her numerous certifications include CEH, MCSE, MSDBA, CCDP, NCSE, NCTE, and CCA. A security consultant and auditor, she combines strong 'in the field' experience with her academic background. She is also the author of Computer Security and Penetration Testing, Mathematics for Information Technology, and Linux Operations and Administration. Nadine has extensive teaching and research experience in computer science and cybersecurity.

Waqar Anwar is a Cybersecurity Curriculum Specialist with over 10 years of experience in the field. He develops and delivers training to faculty and staff on cybersecurity topics and conducts research in the field. Mr. Anwar is a frequent speaker at industry conferences. He is also a member of several cybersecurity organizations, including SysAdmin, Audit, Network and Security (SANS), CYBRARY, and the Information Systems Security Association International (ISSA).
Details
Other ISBN/GTIN: 9781394176809
Product type: E-book
Format: EPUB
Publisher: Wiley
Year of publication: 2024
Publication date: 01.07.2024
Pages: 672
Language: English

Contents/Reviews

Reading sample

1
Introduction to Penetration Testing
Table of Contents
Introduction to Penetration Testing
  Penetration Testing

Common Penetration Testing Approaches and Techniques
Types of Penetration Testing
  Black Box Penetration Testing
  White Box Penetration Testing
  Gray Box Penetration Testing

Coverage, Speed, and Efficiency Between Pentesting Approaches
Penetration Testing Teams
Penetration Testing Types
  Network Services Penetration Testing
  Web Application Penetration Testing
  Physical Penetration Testing
  Social Engineering Penetration Testing
  Client-Side Penetration Testing
  Mobile Application Penetration Testing
  Wireless Pentesting

Penetration Testing Methodologies
  Scope Establishment
  Pentest Execution
  Results Reporting and Delivery

Required Skill Sets for a Penetration Tester
Penetration Testing Methodology
Penetration Testing Methodologies List
  Open-Source Security Testing Methodology Manual (OSSTMM)
  Open Web Application Security Project (OWASP)
  Penetration Testing Execution Standard
  NIST 800-115
  Penetration Testing Framework
  Information Systems Security Assessment Framework (ISSAF)

Frequency of Penetration Testing
Certifications that Pentesters may Acquire
  Offensive Security Certified Professional (OSCP)
  Offensive Security Certified Expert (OSCE)
  GIAC Penetration Tester (GPEN)
  GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
  LPT - Licensed Penetration Tester

Why Companies Should do Penetration Testing
Penetration Testing's Advantages
Phases of Pentesting
  Attack Phase
  Actions Taken After an Attack

Points to Consider Before Signing a Contract
Most Commonly Used Penetration Testing Tools
Pentesting Use Cases
Opportunities and Challenges
Trends and Emerging Technologies
References and Resources
Introduction to Penetration Testing
Penetration Testing

Penetration testing, commonly known as pentesting, is a method of evaluating the security of computer systems, networks, and applications by simulating an attack from a malicious actor. The goal of a penetration test is to identify vulnerabilities and weaknesses in the target system that could be exploited by attackers. Penetration testing is a vital aspect of cybersecurity, as it helps organizations identify and address security weaknesses before they can be exploited by malicious actors. The process of penetration testing involves identifying potential entry points, attempting to exploit vulnerabilities, and reporting on the effectiveness of the security measures in place.

Penetration testing can be performed manually or with the help of automated tools. It is frequently directed at the following endpoints:
Servers: This can include various types of servers, such as web servers, file transfer servers, Dynamic Host Configuration Protocol (DHCP) servers, and domain name system (DNS) servers.
Network services and devices: This includes all types of network services and devices, such as routers, switches, and firewalls. Penetration testers may try to find flaws in how these devices are set up or check if they allow unauthorized access to sensitive data or the ability to manipulate or shut down the network.
Wireless devices and networks: This includes all types of wireless devices and networks, such as WiFi, NFC, and Bluetooth. Penetration testers may attempt to identify vulnerabilities in the wireless protocols or encryption mechanisms used by these devices and networks.
Network security devices: This includes all types of network security devices, such as firewalls, intrusion detection and prevention systems, and virtual private network (VPN) gateways. Penetration testers may try to find flaws in the way these devices are set up or put together that could let attackers get around or avoid them.
Web applications and software: This includes all types of web applications and software used by the organization.
Mobile devices: This includes all types of mobile devices, such as smartphones and tablets. Penetration testers may attempt to identify vulnerabilities in the operating system or applications installed on these devices that could allow attackers to compromise them or steal sensitive data.

It should be noted, though, that a real pentest does not end with finding a way in. The main objective is to penetrate the IT infrastructure to reach a company's electronic assets.
Common Penetration Testing Approaches and Techniques
Clients: Organizations that engage penetration testers to test their systems and networks are referred to as clients. Client-focused topics could include:
Testing methods and styles: Each client has its own preference for how the penetration test should be carried out. Some may prefer a black box approach, in which the penetration tester has no prior knowledge of the system, while others may prefer a white box approach, in which the penetration tester is given information about the system in advance. Knowing this lets the penetration tester tailor the test to the client's specific requirements, resulting in a more complete and effective test. It also helps the client confirm that the test is being carried out safely, because the penetration tester has a better grasp of the system.
Frequency: How often should a penetration test be carried out? Some businesses may require annual penetration tests, while others may prefer more frequent testing. Depending on the organization's needs, tests can be performed quarterly, biannually, or as needed to maintain the security of its systems and networks.
Why should a company do a penetration test? Compliance requirements, risk management, or just detecting vulnerabilities before an attacker does can all fall under this category.
Phases: The penetration testing process has different parts, such as planning, reconnaissance, scanning, exploitation, and post-exploitation.
Use cases: Clients may want to know how penetration testing can be used for specific business use cases, such as securing a cloud-based infrastructure or protecting sensitive customer data.

Example: A healthcare institution may choose to conduct a penetration test to ensure compliance with HIPAA regulations. To guarantee that all systems and networks are adequately tested, the business may require a white box approach. They may also wish to repeat the test on a yearly basis to assure continuous compliance.

Penetration testers: Professionals who conduct penetration tests are known as penetration testers. Tester-focused topics could include:
Skills: What skills are required for a penetration tester? These can involve technical skills such as programming language expertise and an understanding of network protocols, as well as soft skills such as communication and problem-solving.
Certifications: What credentials should a penetration tester possess? This can include certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and Offensive Security Certified Professional (OSCP).
Common tools: What tools do penetration testers usually use? This could include network scanners, vulnerability scanners, and exploitation frameworks.

Example: A penetration tester working for a financial institution may need to be well-versed in banking protocols and transactional systems, as well as hold a certification such as the Certified Information Systems Auditor (CISA) or CISSP.

Both: Topics that can focus on both clients and penetration testers can include:
Penetration testing services: What do penetration testers provide? This can involve web application testing, network testing, and wireless testing.
Points to consider: What should clients consider before hiring a penetration tester? This can include things like the scope of the penetration test, the cost, and the amount of time necessary.
Considerations before signing a contract: What should penetration testers take into account before establishing a contract with a client? This includes things like the scope of the penetration test, payment conditions, and legal liabilities.

Example: A major e-commerce firm may choose to engage a penetration tester to evaluate its website...
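Scope is the one item that appears on both the client's and the tester's checklist above, and in practice it has to be enforced mechanically before the first packet is sent: a tester who scans a host the contract excluded is off-contract regardless of how good the report is. The following is an added example, not code from the book or its authors, of a small scope gate. It parses a constructed scope document (the include/exclude/window line format, and every address, hostname and date in it, are assumptions made up for this illustration) and classifies each candidate target before any tool is pointed at it. Exclusions are deliberately checked before inclusions, so a host named in both is refused, and a scope line the parser does not understand is an error rather than something skipped.

```python
# Added example: a scope gate that refuses any target the signed scope does not cover.
# The include/exclude/window format and every address, hostname and date are constructed.
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Constructed scope, written the way a statement of work might list it.
SCOPE_DOC = """
include 203.0.113.0/28     # DMZ range agreed in the contract
include 198.51.100.10      # a single jump host
include *.example.com      # every subdomain, but not the bare apex
exclude 203.0.113.5        # production database: the client asked to keep it out
exclude db.example.com
window 2024-07-01T08:00:00Z 2024-07-05T18:00:00Z
"""
# Constructed clock inside the agreed window, so runs are reproducible.
TEST_CLOCK = datetime(2024, 7, 2, 10, 0, tzinfo=timezone.utc)
# Constructed candidate list, as a recon tool might hand it over before active scanning.
CANDIDATES = ["203.0.113.7", "203.0.113.5", "203.0.113.20", "shop.example.com",
              "db.example.com", "example.com", "198.51.100.10", "2001:db8::1"]


@dataclass
class Scope:
    networks: list = field(default_factory=list)    # included ip_network objects
    hosts: set = field(default_factory=set)         # included hostnames or "*." patterns
    excluded_networks: list = field(default_factory=list)
    excluded_hosts: set = field(default_factory=set)
    window_start: Optional[datetime] = None
    window_end: Optional[datetime] = None


def parse_scope(text):
    """Parse include/exclude/window lines; '#' starts a comment. An unrecognised line is an
    error on purpose: a silently skipped scope line is how a tester ends up off-contract."""
    scope = Scope()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        keyword, args = parts[0].lower(), parts[1:]
        if keyword in ("include", "exclude") and len(args) == 1:
            nets, hosts = ((scope.networks, scope.hosts) if keyword == "include"
                           else (scope.excluded_networks, scope.excluded_hosts))
            try:
                nets.append(ipaddress.ip_network(args[0], strict=False))
            except ValueError:                      # not an address or CIDR: a hostname
                hosts.add(args[0].lower())
        elif keyword == "window" and len(args) == 2:
            # fromisoformat() accepts a trailing "Z" only from Python 3.11 on.
            scope.window_start = datetime.fromisoformat(args[0].replace("Z", "+00:00"))
            scope.window_end = datetime.fromisoformat(args[1].replace("Z", "+00:00"))
        else:
            raise ValueError(f"unrecognised scope line: {raw!r}")
    return scope


def _host_matches(host, patterns):
    """Exact match, or a '*.example.com' pattern matching any subdomain (not the apex)."""
    return any(host.endswith(p[1:]) if p.startswith("*.") else host == p for p in patterns)


def target_status(scope, target, now):
    """Classify a target as 'in-scope', 'excluded', 'out-of-scope' or 'outside-window'.
    Exclusions are checked before inclusions, and scope is decided before the time window."""
    name = target.strip().lower()
    try:
        addr = ipaddress.ip_address(name)
    except ValueError:
        addr = None                                 # not an IP literal: treat as a hostname
    if addr is not None:
        if any(addr in net for net in scope.excluded_networks):
            return "excluded"
        if not any(addr in net for net in scope.networks):   # v6 vs v4 nets compare False
            return "out-of-scope"
    else:
        if _host_matches(name, scope.excluded_hosts):
            return "excluded"
        if not _host_matches(name, scope.hosts):
            return "out-of-scope"
    if scope.window_start is not None and not (scope.window_start <= now <= scope.window_end):
        return "outside-window"
    return "in-scope"


def classify_all(scope, targets, now):
    """Map every candidate to its status; callers feed only the 'in-scope' ones to tools."""
    return {t: target_status(scope, t, now) for t in targets}


def run_demo(now=TEST_CLOCK):
    return classify_all(parse_scope(SCOPE_DOC), CANDIDATES, now)


if __name__ == "__main__":
    for target, status in run_demo().items():
        print(f"{status:15s} {target}")
```

Running the file prints one line per candidate; with the constructed scope only 203.0.113.7, shop.example.com and 198.51.100.10 come back as in-scope, the production database host and db.example.com are refused as excluded even though a range or wildcard would otherwise cover them, and the bare apex, the IPv6 address and 203.0.113.20 are out of scope. Moving the clock past the window turns an in-scope answer into outside-window while an excluded host stays excluded, which is the order a tester wants: the reason for refusal should be the strongest one, not the first one that happened to be checked.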
