
Penetration Testing

Definition of Penetration Testing

Ability to test a system, set of systems, or an application stack to find exploitable security vulnerabilities.

Assistant / Associate:

Understand components of a typical penetration test
Gain familiarity with common testing systems and tools
Run predefined tasks as part of larger tests

Senior Associate / Professional:

Analyze results from standard testing scripts
Perform ad-hoc tests against systems where indicated
Write penetration test reports

Senior Professional / Principal:

Understand application architecture and network architecture well enough to predict weak points
Advise on how to patch discovered vulnerabilities

How to Develop Penetration Testing

Training Courses:

· SANS SEC542 – Web App Penetration Testing and Ethical Hacking

· SANS SEC560 – Network Penetration Testing and Ethical Hacking

· SANS SEC588 – Cloud Penetration Testing

Online Videos:

· https://www.youtube.com/watch?v=3Kq1MIfTWCE

· https://www.youtube.com/watch?v=2_lswM1S264

Experiences:

· Participate in formal penetration tests

How to Demonstrate Penetration Testing

DO: Describe what you did in completing / achieving your development plan

ASSESS: Share, if applicable, any assessments that were taken / provided related to your activities

LEARN: Explain what you felt that you were able to learn during your journey / experiences

APPLY: Give specific examples where you have / plan to make direct application to your work

REFLECT: Review / consider things you would have done differently had you had this experience earlier