Dave Shackleford on improving internal pen testing methodologyDate: Jul 18, 2012
In nearly every enterprise penetration test, there are a number of phases. These include reconnaissance, scanning, enumeration, penetration and reporting. In each phase, there are a number of specific objectives most teams will want to accomplish.
In this special video presentation, expert penetration tester Dave Shackleford will provide tactical and operational advice on pen testing methodology, with a number of lessons learned and best practices from having performed hundreds of pen tests over the last 13 years. Specific areas of focus will include:
• New and innovative ways to find information about employees and assets during the reconnaissance phase;
• Methods for performing social engineering attacks;
• Simple ways to optimize scans for the best results;
• Enumerating systems and applications to get the best results;
• Tools and tactics for penetration and pivoting to new targets; and
• What to include (and leave out) of pen testing reports.
Editor's note: Also see Dave Shackleford's exclusive companion article, Social engineering penetration testing: Four effective techniques, and his Information Security magazine feature story, Why you need an internal pen testing program.
About the expert:
Dave Shackleford is senior vice president and chief technology officer with IANS.