Module 2 – PenTest Overview

Presentation transcript:

1 Module 2 – PenTest Overview
- Penetration Testing Methodologies
- Penetration Test Management (ISSAF)
- PenTest Project Management
- Engineer Assessment Effort
Heorot.net

2 Penetration Testing Methodologies
- ISSAF
- OSSTMM
- NIST SP

3 Penetration Testing Methodologies
ISSAF
- Peer-reviewed
- Contains two separate documents:
  - Management (ISSAF0.2.1A)
  - Penetration Testing (ISSAF0.2.1B)
- Checklists for auditing / hardening systems
- Tool-centric

4 Penetration Testing Methodologies
ISSAF
- Advantages:
  - Does not assume previous knowledge
  - Provides examples of pentest tool use
  - “In the weeds”
- Disadvantages:
  - Out of date quickly
  - Pentest tool examples are not extensive
  - Last update: May 2006

5 Penetration Testing Methodologies
OSSTMM
- Peer-reviewed
- Most popular methodology
- Assessments are discussed at a high level
- Includes unique technology (RFID, Infrared)
- Extensive templates

6 Penetration Testing Methodologies
OSSTMM
- Advantages:
  - More flexibility for pentesters
  - Frequent updates
- Disadvantages:
  - Steeper learning curve
  - Tool and OS knowledge necessary beforehand
  - Latest version requires paid subscription

7 Penetration Testing Methodologies
NIST SP
- Federal publication
- Least comprehensive methodology
- Tools-oriented
- NIST publications rarely get updated
- If you can't use anything else, at least use something

8 Penetration Test Management
ISSAF
- Phase I – Planning
- Phase II – Assessment
- Phase III – Treatment
- Phase IV – Accreditation
- Phase V – Maintenance
- Use a Project Manager

9 PenTest Project Management
Phase I – Planning
- Information Gathering
- Project Chartering
- Resource Identification
- Budgeting
- Bidding & Estimating (called “Cash Flow”)
- Work Breakdown Structure (WBS)
- Project Kick-Off

10 PenTest Project Management
Phase II – Assessment
- Inherent Risk Assessment
- Controls Assessment
- Legal & Regulatory Compliance
- Information Security Policy
- Information Security Organization and Management
- Enterprise Information Systems Security and Controls (Penetration Testing)
- Security Operations Management
- Business Continuity Management

11 PenTest Project Management
Phase III – Treatment
- See Risk Treatment Plan
Phase IV – Accreditation
- Context Establishment
- Evaluation
- Reporting
- Certification
Phase V – Maintenance

12 PenTest Project Management
Phase II – Assessment
- Inherent Risk Assessment
- Controls Assessment
- Legal & Regulatory Compliance
- Information Security Policy
- ...etc.
Each assessment is broken down further...

13 PenTest Project Management
Phase II – Assessment
Project Management Documents:
- Engagement Scope
- Communications Plan
- Issue Escalation Plan
- Scheduling
- Responsibility Matrix
- Deliverables

14 Engineer Assessment Effort
Phase II – Assessment
Scheduling (Engineering Effort):
- Information Gathering
- Network Mapping
- Vulnerability Identification
- Penetration
- Gaining Access & Privilege Escalation
- Enumerating Further
- Compromise Remote Users/Sites
- Maintaining Access
- Cover the Tracks

15 Module 2 – Conclusion
- Penetration Testing Methodologies
- Penetration Test Management (ISSAF)
- PenTest Project Management
- Engineer Assessment Effort
