Penetration Testing

Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.

Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings.

The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization's security policy compliance, its employees' security awareness and the organization's ability to identify and respond to security incidents.

Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in.

Pen test strategies include:

Target Testing - Targeted testing is performed by the organization's IT team and the penetration testing team working together. It's sometimes referred to as a "lights-turned-on" approach because everyone can see the test being carried out.

A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, service and application flaws, improper configurations, or risky end-user behavior.

Penetration testing a black box testing technique in which an authorized attempt is made to violate specific constraints stated in the form of a security or integrity policy of the system, application, network or database. It is a testing technique for discovering and documenting all the security holes that can be found in a system.

Security testing can never prove the absence of security flaws but it can prove their presence.

Penetration Testing Stages:

  • Scope/Goal Definition
  • Information Gathering
  • Vulnerability Detection
  • Information Analysis and Planning
  • Attack & Penetration/Privilege Escalation
  • Result Analysis & Reporting
  • Cleanup

Syllabus for Penetration Testing Course

Chapter 1 - Web Architectures

Chapter 2 - Web Application Introduction

Chapter 3 - PHP-Basics

Chapter 4 - Sessions & Cookies

Chapter 5 - XSS Attacks

Chapter 6 - Advanced SQLI

Chapter 7 - Cross Site Request Forgery

Chapter 8 - Session Hijacking

Chapter 9 - Web based DDOS Attacks

Chapter 10 - PHP Injection

Chapter 11 - Web Based Worms

Chapter 12 - Flash based Web Attacks

Chapter 13 - I-Frame based Web Attacks

Chapter 14 - Clickjacking

Chapter 15 - Attack frameworks: AttackAPI & BeEF

Chapter 16 - Penetration testing on DVWA

Chapter 17 - Honeytokens

Chapter 18 - OWASP Top 10

Chapter 19 - Metasploit and Web Application

Chapter 20 - PHP Curl

Chapter 21 - Automated Bots

Chapter 22 - Phishing 2.0

Chapter 23 - Brute forcing Web Applications

Chapter 24 - Compliance Methodologies and Legalities



fill the Inquiry Form