During a goal-oriented penetration test, the environment will be evaluated using similar techniques used by attackers in the wild. With this in mind, the rules of engagement are absolutely critical and must be followed carefully. During the post-exploitation phase of a penetration test there is a good chance that sensitive data could be disclosed; systems that must follow government regulations may be targeted or passwords that are hardcoded may be found. Be sure to make clients aware of this fact, and prepare the necessary documentation that specifically details what is and what is not acceptable. In some cases, you may be able to test development environments in tandem with the production environment; if this is the case be sure to look out for password reuse from development to production.
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
By :
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
By:
Overview of this book
The internet security field has grown by leaps and bounds over the last decade. Everyday more people around the globe gain access to the internet and not all of them with good intentions. The need for penetration testers has grown now that the security industryhas had time to mature. Simply running a vulnerability scanner is a thing of the past and is no longer an effective method of determining a business's true security posture. Learn effective penetration testing skills so that you can effectively meet and manage the rapidly changing security needs of your company. Advanced Penetration Testing for Highly-Secured Environments will teach you how to efficiently and effectively ensure the security posture of environments that have been secured using IDS/IPS, firewalls, network segmentation, hardened system configurations and more. The stages of a penetration test are clearly defined and addressed using step-by-step instructions that you can follow on your own virtual lab.The book follows the standard penetration testing stages from start to finish with step-by-step examples. The book thoroughly covers penetration test expectations, proper scoping and planning, as well as enumeration and footprinting. You'll learn how to clean up and compile proof of concept, exploit code from the web, advanced web application testing techniques, client side attacks, post exploitation strategies, detection avoidance methods, generation of well defined reports and metrics, and setting up a penetration testing virtual lab that mimics a secured environment. The book closes by issuing a challenge to your skills and ability to perform a full penetration test against a fictional corporation; followed by a detailed walk through of the solution.Advanced Penetration Testing for Highly-Secured Environments is packed with detailed examples that reinforce enumeration, exploitation, post-exploitation, reporting skills and more.
Table of Contents (18 chapters)
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
Free Chapter
Planning and Scoping for a Successful Penetration Test
Advanced Reconnaissance Techniques
Enumeration: Choosing Your Targets Wisely
Remote Exploitation
Web Application Exploitation
Exploits and Client-Side Attacks
Post-Exploitation
Bypassing Firewalls and Avoiding Detection
Data Collection Tools and Reporting
Setting Up Virtual Test Lab Environments
Take the Challenge – Putting It All Together
Index
Customer Reviews