Penetration Testing
Definition of Penetration Testing
Ability to test a system, set of systems, or an application stack to find exploitable security vulnerabilities.
Assistant / Associate:
Understand components of a typical penetration test
Gain familiarity with common testing systems and tools
Run predefined tasks as part of larger tests
Senior Associate / Professional:
Analyze results from standard testing scripts
Perform ad-hoc tests against systems where indicated
Write penetration test reports
Senior Professional / Principal:
Understand application architecture and network architecture well enough to predict weak points
Advise on how to patch discovered vulnerabilities
How to Develop Penetration Testing
Training Courses:
· SANS SEC542 – Web App Penetration Testing and Ethical Hacking
· SANS SEC560 – Network Penetration Testing and Ethical Hacking
· SANS SEC588 – Cloud Penetration Testing
Online Videos:
· https://www.youtube.com/watch?v=3Kq1MIfTWCE
· https://www.youtube.com/watch?v=2_lswM1S264
Experiences:
· Participate in formal penetration tests
How to Demonstrate Penetration Testing
DO: Describe what you did in completing / achieving your development plan
ASSESS: Share, if applicable, any assessments that were taken / provided related to your activities
LEARN: Explain what you felt that you were able to learn during your journey / experiences
APPLY: Give specific examples where you have / plan to make direct application to your work
REFLECT: Review / consider things you would have done differently had you had this experience earlier