Presentation is loading. Please wait.

Presentation is loading. Please wait.

PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC.

Similar presentations


Presentation on theme: "PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC."— Presentation transcript:

1 PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC

2 AGENDA  Penetration testing ??  Certificated  Penetration testing for?  Methodology  System & Network  Web  Mobile  Tools  Commercial  Free Tools  Report  Ex.  Q&A

3 PENETRATION TESTING

4 VULNERABILITY ASSESSMENT

5 PENETRATION TESTING

6 PENETRATION TESTING TYPE  Internal  External 1.Black box 2.White box 3.Grey box Reference :

7 PENETRATION TESTING : CERTIFICATED  Certified Penetration Testing Engineer (CPTE)

8 PENETRATION TESTING : CERTIFICATED  The Offensive Security Certified Professional (OSCP)

9 PENETRATION TESTING : CERTIFICATED  CEH: Certified Ethical Hacking

10 PENETRATION TESTING : CERTIFICATED BIG NAME  Certified Penetration Testing Consultant (CPTC)  GIAC Web Application Penetration Tester (GWAPT)  GIAC Penetration Tester (GPEN)  Certified Information Systems Security Professional (CISSP)  Certified Information Security Manager (CISM)  Certified Information Systems Auditor - CISA

11 PENETRATION TESTING FOR?

12 PENETRATION TESTING : METHODOLOGY  ขั้นตอน หรือวิธีการ เพื่อ ?

13 PENETRATION TESTING : METHODOLOGY  Information Gathering  Information Analysis and Planning  Vulnerability Detection  Penetration  Attack/Privilege Escalation  Analysis and reporting  Clean-up Information Gathering Vulnerability Detection Penetration Attack/ Privilege Escalation Information Analysis and Planning Analysis and Reporting Clean Up

14 PENETRATION TESTING : METHODOLOGY SYSTEM & NETWORK

15 PENETRATION TESTING : METHODOLOGY WEB APPLICATION  OWASP 2013 A1-Injection A2-Broken Authentication and Session Management A3-Cross-Site Scripting (XSS) A4-Insecure Direct Object References A5-Security Misconfiguration A6-Sensitive Data Exposure A7-Missing Function Level Access Control A8-Cross-Site Request Forgery (CSRF) A9-Using Components with Known Vulnerabilities A10-Unvalidated Redirects and Forwards

16 PENETRATION TESTING : METHODOLOGY MOBILE

17 PENETRATION TESTING: TOOLS - COMMERCIAL  Nessus Vulnerability Scanner - Tenable Network Security  Rapid 7 Nexpose + Metasploit Professional  CORE Impact Pro  Immunity CANVAS Professional  IBM APPSCAN  ACUNETIX  HP WebInspect  Havij Advanced SQL Injection  ETC

18 PENETRATION TESTING: TOOLS - FREE  Tenable Nessus Home  Rapid 7 Nexpose Community  NMAP  Blackbuntu Linux  Firefox Addon  Metasploit  Kali Linux  ETC

19 REPORT  Executive  Technical

20 BENEFIT OF PENETRATION TESTING  Manage Risk Properly  Increase Business Continuity  Minimize Client-side Attacks  Protect Clients, Partners And Third Parties  Comply With Regulation or Security Certification  Evaluate Security Investment  Protect Public Relationships And Brand Issues

21 Q & A


Download ppt "PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC."

Similar presentations


Ads by Google