Dave Shackleford on improving internal pen testing methodology

Date: Jul 18, 2012

In nearly every enterprise penetration test, there are a number of phases. These include reconnaissance, scanning, enumeration, penetration and reporting. In each phase, there are a number of specific objectives most teams will want to accomplish.

In this special video presentation, expert penetration tester Dave Shackleford will provide tactical and operational advice on pen testing methodology, with a number of lessons learned and best practices from having performed hundreds of pen tests over the last 13 years. Specific areas of focus will include:

• New and innovative ways to find information about employees and assets during the reconnaissance phase;
• Methods for performing social engineering attacks;
• Simple ways to optimize scans for the best results;
• Enumerating systems and applications to get the best results;
• Tools and tactics for penetration and pivoting to new targets; and
• What to include in (and leave out of) pen testing reports.

Editor's note: Also see Dave Shackleford's exclusive companion article, Social engineering penetration testing: Four effective techniques, and his Information Security magazine feature story, Why you need an internal pen testing program.

About the expert:
Dave Shackleford is senior vice president and chief technology officer with IANS.
