تست نفوذ پذیری فرآیند ارزیابی امنیتی شبکه یا سیستم های رایانه ای بوده که به صورت شبیه سازی یک حمله توسط یک هکر اخلاقی (Ethical Hacker) صورت می پذیرد. مهمترین تفاوت بین هکر و شخصی که تست نفوذپذیری انجام می دهد این است که، تست نفوذپذیری با مجوز و قراردادی که با سازمان یا شرکت امضاء شده است انجام و در نهایت خروجی به صورت یک گزارش تهیه می گردد. هدف از تست نفوذ پذیری افزایش ضریب امنیتی داده ها می باشد. اطلاعات و ضعفهای امنیتی که در تست نفوذ پذیری مشخص می گردد محرمانه تلقی شده و نباید تا برطرف شدن کامل افشاء گردد. ولی در مورد هکر به این صورت نخواهد بود. هکرها از هر موقعیت زمانی و حفره امنیتی، برای نفوذ استفاده می نمایند. تعدادی از آنها به exploit ها (کدهایی ،برای استفاده از ضعف های امنیتی که هنوز در دسترس عموم قرار نگرفته و اصطلاحا Publish نشده اند.) دسترسی داشته و اغلب از حملات مشخص و قابل جلوگیری استفاده می نمایند.
Security Penetration Testing (The Art of Hacking Series)
حجم: 5.36 گیگابایت
LiveLessons Security Penetration Testing (The Art of Hacking Series)
- Copyright 2018
- Edition: 1st
- List Price: $299.99
- Fromat: MP4
- Published Oct 11, 2017
- Video: AVC 1280×720
- Duration: 4.5 Hours
- ISBN-10: 0-13-483449-6
- ISBN-13: 978-0-13-483449-8
10 Hours of Expert Video Instruction
This course is a complete guide to help you get up and running with your cybersecurity career. You will learn the key tenets and fundamentals of ethical hacking and security penetration testing techniques. You will also explore professional networking and security topics, including an introduction to the world of white hat hacking, reconnaissance, Kali Linux, exploitation, and post-exploitation techniques. This course provides step-by-step real-life scenarios. You will see firsthand how an ethical hacker performs initial reconnaissance of a victim, how to assess systems, network security controls, and security posture.
With over 10 hours of training that includes live discussions, demos, whiteboard instruction and screencasts, Security Penetration Testing Live Lessons provides expert insights of the methodologies used to assess and compromise a network. It covers the legal aspects of ethical hacking and the associated risks. This course additionally reviews many different tools that can be used to penetrate a wired or wireless network and the systems within that network. Also covered are numerous types of attacks, along with security evasion and post exploitation techniques. You will additionally learn the art of social engineering, with special coverage of tools like the social engineering tool kit (SET), Metasploit, and Maltego. You’ll find guidelines on how to write penetration testing reports, and learn how to plan and organize the them.
This course provides supplemental material to reinforce some of the critical concepts and techniques learned, scripts to help you build your own hacking environment, and examples of real-life penetration testing reports. This material can be accessed at theartofhacking.org.
While there are a variety of ethical hacking and cybersecurity certifications out there, this course is meant to introduce people to the concepts behind ethical hacking and penetration testing and is certification agnostic.
Lesson 1: Overview of Ethical Hacking and Penetration Testing
Lesson 2: Kali Linux
Lesson 3: Passive Reconnaissance
Lesson 4: Active Reconnaissance
Lesson 5: Hacking Web Applications
Lesson 6: Hacking User Credentials
Lesson 7; Hacking Databases
Lesson 8: Hacking Networking Devices
Lesson 9: Fundamentals of Wireless Hacking
Lesson 10: Buffer Overflows
Lesson 11: Powershell Attacks
Lesson 12: Evasion and Post Exploitation Techniques
Lesson 13: Social Engineering
Lesson 14: Maintaining Persistence, Pivoting, and Data Exfiltration
Lesson 15: Writing Penetration Testing Reports
About the Instructors
Omar Santos is an active member of the cyber security community, where he leads several industry-wide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures. Omar is the author of more than a dozen books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of cyber security vulnerabilities. Additional information about Omar’s current projects can be found at omarsantos.io, and you can follow Omar on Twitter: @santosomar.
Chris McCoy is a technical leader in Cisco’s Advanced Security Initiatives Group (ASIG). He has over 20 years of experience in the networking and security industry. He has a passion for computer security, finding flaws in mission-critical systems, and designing mitigations to thwart motivated and resourceful adversaries. He was formerly with Spirent Communications and the U.S. Air Force. He is CCIE certified in the Routing & Switching and Service Provider tracks, which he has held for over 10 years.
Jon Sternstein is the Founder and Principal Consultant of Stern Security, a security company focused on healthcare and credit union industries. Jon has been a lead contributor to securing a wide variety of organizations in healthcare, education, finance, legal, and government industries throughout his 13+ years in the security field. Prior to forming Stern Security, Jon Sternstein was the Security Officer at a large healthcare organization. Jon has created security departments and developed security architectures from the ground up. He has a strong passion for cyber security, educating others, and delivering solutions that allow organizations to operate seamlessly. Jon Sternstein is an active leader in the security industry. He co-chairs the Privacy and Security Workgroup at the North Carolina Healthcare Information and Communications Alliance (NCHICA). Jon was the former President of the BSides Raleigh Security conference.
Jon Sternstein actively works on both the offensive and defensive sides of the security industry. He graduated with a B.A. in Computer Science, minor in Business Studies, and holds the following security certifications: GIAC Penetration Tester (GPEN), Certified Information Systems Security Professional (CISSP), Cisco Certified Network Associate (CCNA), Certified Ethical Hacker (CEH), and more. In addition to the certifications, Jon has won Ethical Hacking Competition awards. He has presented at many conferences including: DerbyCon, BSides Raleigh, Healthcare Information and Management Systems Society (HIMSS), North Carolina Association of Certified Public Accountants (NCACPA), NCHICA Annual, and the Academic Medical Center (AMC) conferences. Jon has been a featured Cyber Security Expert on ABC News, WRAL News, and Business North Carolina Magazine. Stern Security’s website: https://www.sternsecurity.com
Ron Taylor has been in the Information Security field for almost 20 years. Ten of those years were spent in consulting where he gained experience in many areas. In 2008, he joined the Cisco Global Certification Team as an SME in Information Assurance. In 2012, he moved into a position with the Security Research & Operations group (PSIRT) where his focus was mostly on penetration testing of Cisco products and services. Ron was also involved in developing and presenting security training to internal development and test teams globally. Additionally, he provided consulting support to many product teams as an SME on product security testing. In his current role, he is a Consulting Systems Engineer specializing in Cisco’s security product line. Certifications include GPEN, GWEB, GCIA, GCIH, GWAPT, RHCE, CCSP, CCNA, CISSP and MCSE. Ron is also a Cisco Security Blackbelt, SANS mentor, Co-Founder and President of the Raleigh BSides Security Conference, and member of the Packet Hacking Village team at Defcon.
- All levels
Learn How To
- This course will provide step-by-step guidance about ethical hacking, penetration testing, and security posture assessment.
- Provides an easy to use and cost effective means to learn the various concepts associated with many different leading-edge offensive security skills in the industry.
- Provides multimedia tutorials that users can apply to real world scenarios.
Who Should Take This Course
This course serves as comprehensive guide for any network and security professional who is starting a career in ethical hacking and penetration testing. It also can help individuals preparing for the Offensive Security Certified Professional (OSCP), the Certified Ethical Hacker (CEH), and any other ethical hacking certification. This course helps any cyber security professional that want to learn the skills required to becoming a professional ethical hacker or that want to learn more about general hacking methodologies and concepts.
Requires basic knowledge of Internet and networking technology.
About Pearson Video Training
Pearson’s expert-led video tutorials teach you the technology skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include: IT certification, programming, web and mobile development, networking, security, and more. Learn more about Pearson Video training at http://www.informit.com/video