
Course Title: Penetration Testing: Network Threat Testing, 1st Edition


Academic year: 2021


Penetration Testing PTS405

Page 1 of 6 Security Analysis Copyright © by EC-Council | Press

All Rights Reserved. Reproduction is Strictly Prohibited.

Course Title: Penetration Testing: Network Threat Testing, 1st Edition


Course Description:

The Security Analyst Series from EC-Council Press is comprised of five books covering a broad base of topics in advanced penetration testing and information security analysis. The content of this program is designed to expose the reader to groundbreaking methodologies in conducting thorough information security analysis, as well as advanced penetration testing techniques. Armed with the knowledge from the Security Analyst series, along with proper experience, readers will be able to perform the intensive assessments required to effectively identify and mitigate risks to the security of the organization's infrastructure.

PENETRATION TESTING: NETWORK THREAT TESTING coverage includes penetration testing of denial of service, password cracking, applications, database, viruses and Trojans, log management, data leakage and file integrity.

Certificate Info

Penetration Testing: Network Threat Testing

Who Should Attend?

This course will significantly benefit network administrators, firewall administrators, security testers, system administrators and risk assessment professionals.

Course Duration: 2 days (9:00 – 5:00)

CPE/ECE Qualification

16 ECE Credits awarded for attendance (1 for each classroom hour)

Suggested Retail:

Required Courseware:

Visit www.cengage.com/community/eccouncil and click on Training Workshops for ordering details.

What’s included?

Physical Courseware

1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate

Course + Supplement Cost:

See the “Training Workshops” section at www.cengage.com/community/eccouncil for current pricing information.

Related Certificates:

Penetration Testing: Security Analysis

Penetration Testing: Network and Perimeter Testing

Penetration Testing: Communication Media Testing

Penetration Testing: Procedures & Methodologies


Course Briefing:

1. Denial-Of-Service Penetration Testing

Module Brief:

This module explains that the purpose of performing a DoS attack is to bring down the performance of a website. It explains that DoS and DDoS are similar attacks; the difference is that DDoS is a distributed attack, wherein the attack is launched from various unsuspected sources. The module looks at DoS attacks, their effects, the attacker’s strategy, stability, performance and penetration testing.

2. Password-Cracking Penetration Testing

Module Brief:

This module explains that passwords protect computer resources and files from unauthorized access by malicious users, and how companies use a combination of passwords and user IDs to protect their resources against intrusions by hackers and thieves. SAMDUMP, the tool that simplifies migration synchronization of that system, is also explained.

3. Application Penetration Testing

Module Brief:

In software engineering, a web application is an application delivered to users from a web server over a network such as the World Wide Web or an intranet. Web applications are popular due to the ubiquity of the web browser as a client, sometimes called a thin client. Application testing involves meticulously testing an application under certain conditions to check for vulnerabilities in the code. The module discusses various steps in the penetration testing of web applications and the tools that are useful for the same.

4. Database Penetration Testing

Module Brief:

The module discusses the various steps in database penetration testing, including using SQL*Plus to enumerate system tables, MySQL Server database testing, and scanning UDP/TCP ports. The module also discusses various tools that can be used for dictionary attacks aimed at cracking database login details.

5. Virus and Trojan Detection

Module Brief:

The module discusses the steps to be followed for detecting Trojans and viruses in the system, and lists various spyware detectors, anti-trojans, and antivirus software.

6. Log Management Penetration Testing

Module Brief:

Security software logs provide a record of instances of security software. Examples of security software include antimalware software, intrusion detection and prevention systems, remote access software, web proxies, vulnerability management software, authentication servers, network quarantine servers, routers, firewalls, etc.

The module discusses the need for log management, challenges in log management, the steps for log management penetration testing, and lists guidelines for secure log management.

7. File Integrity Checking

Module Brief:

This module introduces file integrity checking, which verifies whether a file is the same as the original file and whether there are any modifications in the file. It covers faulty storage media, transmission errors, the Cyclic Redundancy Check (CRC) function, which takes an input data stream of any length and produces an output value of a certain fixed size, hash-based verification, and tools such as md5sum and PasswordZilla.

8. Data Leakage Penetration Testing

Module Brief:

Confidential data of the organization includes important information about the company, its clients, products, planning of new products, and its partners. An organization needs to perform data leakage penetration testing to protect its confidential data from malicious users.

The module explains how data can be leaked and the steps for data leakage penetration testing, and discusses data privacy and protection acts and various data protection tools.

Course Outline:

Chapter 1: Denial-Of-Service Penetration Testing
• Introduction to Denial-Of-Service Penetration Testing
• Distributed Denial-Of-Service Attack
• Conducting a Denial-Of-Service Penetration Test
• Web Testing Tools
• Java Test Tools
• Java Development Tools

Chapter 2: Password-Cracking Penetration Testing
• Introduction to Password-Cracking Penetration Testing
• Password-Cracking Techniques
• Types of Password-Cracking Attacks
• Steps in Password-Cracking Penetration Testing
• Tools

Chapter 3: Application Penetration Testing
• Introduction to Application Penetration Testing
• Defects
• Requirements and Design Testing
• Web Application Penetration Testing
• Application-Testing Tools

Chapter 4: Database Penetration Testing
• Introduction to Database Penetration Testing
• Port Scanning
• Database Penetration Testing Steps

Chapter 5: Virus and Trojan Detection
• Introduction to Virus and Trojan Detection
• Using connection and port information to detect Trojans
• Using process information to detect Trojans
• Detecting boot-sector viruses
• Enumerating the different tools used to detect viruses and Trojans

Chapter 6: Log Management Penetration Testing
• Introduction to Log Management Penetration Testing
• Log File Overview
• The Need for Log Management
• Steps for Log Management Penetration Testing
• Checklist for Secure Log Management

Chapter 7: File Integrity Checking
• Introduction to File Integrity Checking
• File Integrity Overview
• Integrity-Checking Techniques
• File Integrity-Checking Tools

Chapter 8: Data Leakage Penetration Testing
• Introduction to Data Leakage Penetration Testing
• Points of Data Leakage
• Sensitive Data
• Steps for Data Leakage Penetration Testing
• Data Privacy and Protection Acts
