After more than 20 years of performing professional security testing, it is amazing to me really how many are confused as to what a penetration test is. I have on many occasions gone to a meeting where the client is convinced they want a penetration test, and when I explain exactly what it is, they look at me in shock. So, what exactly is a penetration test? Remember our abstract methodology had a step for intrusive target searching and part of that step was another methodology for scanning? Well, the last item in the scanning methodology, exploitation, is the step that is indicative of a penetration test. That's right! That one step is the validation of vulnerabilities, and this is what defines penetration testing. Again, it is not what most clients think when they bring a team in. The majority of them in reality want a vulnerability assessment. When you start explaining to them that you are going to run exploit code and all these really cool things on their systems and/or networks, they usually are quite surprised. The majority of the times, the client will want you to stop at the validation step. On some occasions, they will ask you to prove what you have found, and then you might get to show validation. I once was in a meeting with the IT department of a foreign country's stock market, and when I explained what we were about to do for validating vulnerabilities, the IT director's reaction was, "Those are my stock broker records, and if we lose them, we lose a lot of money!" Hence, we did not perform the validation step in that test.
Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition
By :
Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition
By:
Overview of this book
Security flaws and new hacking techniques emerge overnight – security professionals need to make sure they always have a way to keep . With this practical guide, learn how to build your own virtual pentesting lab environments to practice and develop your security skills. Create challenging environments to test your abilities, and overcome them with proven processes and methodologies used by global penetration testing teams.
Get to grips with the techniques needed to build complete virtual machines perfect for pentest training. Construct and attack layered architectures, and plan specific attacks based on the platforms you’re going up against. Find new vulnerabilities for different kinds of systems and networks, and what these mean for your clients.
Driven by a proven penetration testing methodology that has trained thousands of testers, Building Virtual Labs for Advanced Penetration Testing, Second Edition will prepare you for participation in professional security teams.
Related Content you might be interested in
Current Title:
Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition
No titles found
Table of Contents (20 chapters)
Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition
Credits
About the Author
Acknowledgments
About the Reviewer
www.PacktPub.com
Preface
Free Chapter
Introducing Penetration Testing
Choosing the Virtual Environment
Planning a Range
Identifying Range Architectures
Identifying a Methodology
Creating an External Attack Architecture
Assessment of Devices
Architecting an IDS/IPS Range
Assessment of Web Servers and Web Applications
Testing Flat and Internal Networks
Testing Servers
Exploring Client-Side Attack Vectors
Customer Reviews