New Training: Penetration Testing Planning and Scoping
In this 25-video, intermediate training, CBT Nuggets trainer Shawn Powers covers the knowledge security technicians need to decide what networks, applications, databases, accounts, people, controls and assets will be targeted in a given penetration test and define them for the testers.
Doing a penetration test without enough planning and scoping ahead of time would be a lot like walking back to the parking lot to make sure you locked your car doors, but then also checking the car door of every other car in the parking lot and every parking lot in the city. In other words, a penetration test is a good way to double-check your network’s security posture but if you’re not careful, you can waste a lot of time and money when you do it. You can include networks or devices you’re not interested in, or you can check for vulnerabilities you’ve already identified or that you know aren’t valid. This Penetration Testing Planning and Scoping training covers how to identify stakeholders, gather information, assess needs, balance costs, and plan the scope of a penetration test.
The four-part series covers topics such as identifying stakeholders with input as to ideal scope of pen test, incorporating the balance of pen test cost with security gains into determination of scope, and gathering sufficient information to adequately scope tests.
Watch a video from the series:
The skills that comprise this series include:
Topics this training covers include:
Introduction to Properly Scoping an Engagement
Explaining Timelines and Disclaimers
Legal Concepts Introduction
Defining Technical Constraints
Identifying Various Compliance-based Standards
This training includes:
1 hour of training