You are on page 1of 9

Penetration Testing

PTS402

Course Title
Penetration Testing: Procedures & Methodologies

Page 1 of 9

Procedures & Methodologies Copyright by EC-Council | Press


All Rights Reserved. Reproduction is Strictly Prohibited.

Penetration Testing

PTS402

Course Description:
The Security Analyst Series from EC-Council | Press is comprised of five books covering a broad base of
topics in advanced penetration testing and information security analysis. The content of this program is
designed to expose the reader to groundbreaking methodologies in conducting thorough information
security analysis, as well as advanced penetration testing techniques. Armed with the knowledge from the
Security Analyst series, along with proper experience, readers will be able to perform the intensive
assessments required to effectively identify and mitigate risks to the security of the organization's
infrastructure.
This book discusses the various penetration testing techniques, strategies, planning, scheduling, and also
frames a guideline that a penetration tester can adopt while performing a penetration test. This book also
discusses the various test agreements that depict the outline of the test being performed.

Certificate Info
Penetration Testing: Procedures & Methodologies
Who Should Attend?
This course will significantly benefit Network server administrators, Firewall Administrators, Security
Testers, System Administrators, Risk Assessment professionals, and anyone who is interested in penetration
testing and information security analysis.
Course Duration:
2 days (9:00 5:00)
CPE/ECE Qualification
16 ECE Credits awarded for attendance (1 for each classroom hour)
Suggested Retail:
$799 USD

Page 2 of 9

Procedures & Methodologies Copyright by EC-Council | Press


All Rights Reserved. Reproduction is Strictly Prohibited.

Penetration Testing

Page 3 of 9

PTS402

Procedures & Methodologies Copyright by EC-Council | Press


All Rights Reserved. Reproduction is Strictly Prohibited.

Penetration Testing

PTS402

Required Courseware:

Visit www.cengage.com/community/eccouncil and click on Training Workshops for ordering details.

Whats included?
Physical Courseware
1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate
Course + Supplement Cost:
See the Training Workshops section at www.cengage.com/community/eccouncil for current pricing
information.
Related Certificates:
Penetration Testing: Security Analysis
Penetration Testing: Communication Media Testing
Penetration Testing: Network Threat Testing
Penetration Testing: Network & Perimeter Testing
Course Briefing:
1. Penetration-Testing Methodologies
Module Brief:
Penetration testing goes a step ahead of vulnerability scanning in security assessment. Unlike
vulnerability scanning which examines the security of individual computers, network devices, or
applications, penetration testing assesses the security model of the network as a whole.
This module discusses in detail about the need of penetration testing, common penetration testing
techniques and frames a guideline that a penetration tester can adopt while performing a penetration
test. The module discusses various penetration testing methods and strategies for penetration testing.
2. Customers and Legal Agreements
Module Brief:
Various customer requirements need to be identified and the objectives of the penetration test should
be developed in relevance to those requirements. Rules of Behavior is a test agreement that depicts
the outline of the test being performed. It explains in detail the internal and external aspects
surrounding the testing procedure. Before the test is performed, authorized representatives from both
the parties have to sign this agreement.
Page 4 of 9

Procedures & Methodologies Copyright by EC-Council | Press


All Rights Reserved. Reproduction is Strictly Prohibited.

Penetration Testing

PTS402

This module deals with various legal agreements of penetration testing, the need for penetration
testing, stages of penetration testing, customer requirements, rules of behavior, and risks associated
with penetration testing.
3. Duties of a Licensed Penetration Tester
Module Brief:
Rules of Engagement is the formal permission to conduct a pen-test. It provides certain rights and
restriction to the test team for performing the test and helps testers to overcome legal, federal, and
policy-related restrictions to use different penetration testing tools and techniques.
This module discusses the Rules of Engagement (ROE), the scope of ROE, steps in framing of ROA,
and the clauses in an ROE.
4. Penetration-Testing Planning and Scheduling
Module Brief:
A penetration test plan is a part of an overall security plan and sets the ground rules for the test. The
important part of the penetration test plan is to improve the test ground rules. The goal of the
penetration testing is to focus on developing adequate evidence of flawlessness and to reach a security
assurance level.
This module explains the purpose of a test plan, building a test plan, penetration testing planning
phase, test teams, testing project plan, and the various penetration testing project scheduling tools.
5. PrePenetration Testing Checklist
Module Brief:
This module briefs the list of steps that should be taken before starting a penetration test.
6. Information Gathering and Social Engineering Penetration Testing
Module Brief:
This module familiarizes with details in information gathering phase such as newspaper cuttings,
articles, websites, notes, papers, photos, snapshots, email messages, letters, documents, napkins with
data, CD-ROMs and DVD, floppy disks, tapes, zip drives, USB disks, handwritten notes, employee
signatures, employee writing style, and grammar syntax
The term social engineering is used to describe the various techniques used to trick people
(employees, business partners, or customers) into voluntarily giving away personal information that
would not normally be known to the general public. Attackers are always looking for new ways to
access information. They ensure that they know the surroundings and certain people in an
organization like security guards, receptionists, and help desk workers.
This module also discusses the various steps and methods for gathering information about the
potential victim. It also showcases various spy gadgets that aid the attacker in gathering information.
7. Vulnerability Analysis
Module Brief:
This module familiarizes with vulnerability assessment and types of vulnerability assessment that can
be used to identify weaknesses that could be exploited and test the effectiveness of additional security
measures taken to defend attacks.
This module also tells how time management scheduling of a task is important and also explains in
detail about various vulnerability assessment tools.
8. External Penetration Testing
Module Brief:

Page 5 of 9

Procedures & Methodologies Copyright by EC-Council | Press


All Rights Reserved. Reproduction is Strictly Prohibited.

Penetration Testing

PTS402

This module discusses External Intrusion Test and Analysis as a process of determining the security
flaws and strengths of the client systems. It also familiarizes with various steps involved in external
penetration testing and scan for default ports of various services which are vulnerable.
9. Internal Network Penetration Testing
Module Brief:
This module provides internal network penetration testing and various methods like port testing and
vulnerability testing. It also explains sniffing with various sniffing tools.
10. Penetration-Testing Deliverables
Module Brief:
Documentation writing plays a major role in penetration testing process. The documentation report
prepared should contain the details of the final test results and recommendations to rectify the
problems that might be found during the test process.
This module explains the structure of the documentation report which should include-Summary of
the test execution, Scope of the project, Result analysis, Recommendations, Appendices. It
also discusses about the test reports on a network such as executive report, active report, and host
report, vulnerability report, creating and writing the final report, report format, delivery and
retention.
11. Post-testing Actions
Module Brief:
In post penetration testing, the first focus is on high-priority security worries.
This module discusses how to adopt technical solutions for the originated security issues, developing
strategies to achieve short-term and long-term security postures, and deciding on the required and
available resources to maintain reliable information security.
12. Advanced Exploits and Tools
Module Brief:
This module discusses in detail the common vulnerabilities. It also tells the anatomy of an exploit and
what a typical overflow is. This module explains the strengths and uses of payload generators and
exploitation tools including: GDB, Metasploit, Canvas, CORE Impact M.B.S.A, NSAT, and Network
Security Inspector.

Page 6 of 9

Procedures & Methodologies Copyright by EC-Council | Press


All Rights Reserved. Reproduction is Strictly Prohibited.

Penetration Testing

PTS402

Course Briefing:
Chapter 1: Penetration-Testing Methodologies

Introduction to Penetration-Testing Methodologies

Penetration Testing

Phases of Penetration Testing

Chapter 2: Customers and Legal Agreements

Introduction to Customers and Legal Agreements

Why Organizations Need Penetration Testing

Initial Stages in Penetration Testing

Penetration Testing Rules of Behavior

Penetration-Testing Risks

Penetration Testing by Third Parties

Legal Consequences

Liability Issues

Applicable Laws

Negligence Claim

Drafting Contracts

How Much to Charge?

Chapter 3: Duties of a Licensed Penetration Tester

Introduction to Duties of a Licensed Penetration Tester

Duties of a Licensed Penetration Tester

LPT-Audited Logos

Standards and Compliance

Chapter 4: Penetration-Testing Planning and Scheduling

Introduction to Penetration-Testing Planning and Scheduling

Purpose of a Test Plan

IEEE Standards

Penetration-Test Planning Phases

Tool: EC-Councils Vampire Box

Chapter 5: PrePenetration Testing Checklist

Introduction to PrePenetration Testing Checklist

Page 7 of 9

Procedures & Methodologies Copyright by EC-Council | Press


All Rights Reserved. Reproduction is Strictly Prohibited.

Penetration Testing

PTS402

Checklist

Chapter 6: Information Gathering and Social Engineering Penetration Testing

Introduction to Information Gathering/Social Engineering Penetration Testing

Information-Gathering Steps

Social Engineering

Steps in Conducting a Social Engineering Penetration Test

Chapter 7: Vulnerability Analysis

Introduction to Vulnerability Analysis

Vulnerability Assessment Steps

Vulnerability Classification

Types of Vulnerability Assessment

Vulnerability Assessment Phases

Comparing Approaches to Vulnerability Assessments

Vulnerability Assessment Considerations

Vulnerability Assessment Reports

Tools

Chapter 8: External Penetration Testing

Introduction to External Penetration Testing

Steps for Conducting External Penetration Testing

Chapter 9: Internal Network Penetration Testing

Introduction to Internal Network Penetration Testing

Steps for Internal Network Penetration Testing

Tools

Chapter 10: Penetration-Testing Deliverables

Introduction to Penetration-Testing Deliverables

Penetration-Testing Report

Client-Side Test Reports

Test Reports on Web Applications

Sign-Off Document

Creating the Final Report

Chapter 11: Post-testing Actions


Page 8 of 9

Procedures & Methodologies Copyright by EC-Council | Press


All Rights Reserved. Reproduction is Strictly Prohibited.

Penetration Testing

PTS402

Introduction to Post-testing Actions

Prioritize Recommendations

Develop an Action Plan

Create a Process for Minimizing Instances of Misconfigurations

Apply Updates and Patches

Capture Lessons Learned and Best Practices

Create Security Policies

Conduct Training

Conduct a Social Engineering Class

Destroy the Penetration-Testing Report

Chapter 12: Advanced Exploits and Tools

Introduction to Advanced Exploits and Tools

Buffer Overflows

The Anatomy of an Exploit

Linux Exploits Versus Windows Exploits

Tools

Page 9 of 9

Procedures & Methodologies Copyright by EC-Council | Press


All Rights Reserved. Reproduction is Strictly Prohibited.