New Training: Penetration Testing Techniques

In this 9-video skill, CBT Nuggets trainer Keith Barker discusses and explains several penetration testing techniques. Watch this new Cyber Security training.

Learn Cyber Security with one of these courses:

• Security Threats, Attacks, and Vulnerabilities Training

This training includes:

• 9 videos

• 54 minutes of training

You’ll learn these topics in this skill:

• Introduction to Penetration Testing

• Pen Testing Overview

• OSSTMM

• Resources from NIST

• Penetration Testing Execution Standard

• Pen Testing Demo

• OWASP

• Security Team Exercises

• Pen Testing Review Quiz

The NIST Framework For Security Researchers

Though the cybersecurity kill chain, developed as a framework for cyber attacks by Lockheed Martin, is a popular roadmap for pentesters to follow, other organizations, like NIST, also provide resources for penetration testing as well. One of the resources that NIST offers is the Cybersecurity Framework (CSF).

The Cybersecurity Framework is an open plan of attack like the cybersecurity kill chain. Instead of analyzing the patterns of attack hackers use, the CSF is a flatter set of guidelines penetration testers can use for security analysis. That plan consists of four generalized steps:

1. Planning

2. Discovery

3. Attack

4. Reporting

Each phase is deliberately left open-ended so that security researchers can use the NIST guidelines while molding their attack flows around individual businesses. The CSF is constantly evolving, too. NIST continually releases advisories as new threats emerge, so each phase can be adapted as needed.

It is advised that security researchers should subscribe to the NIST mailing list so they can receive new security advisories as they are released.