Course in Intrusion Testing

100% subsidized training for employed and unemployed professionals.

Nid: 29178

Syllabus

Curriculum

1. Penetration test and types of tools - 8 hours

Distinction between penetration testing and auditing.

Objectives
Differentiating elements

Classification according to available information:

White box
Black box
Grey box

Classification according to the services to be tested:

Network penetration test
Wireless network penetration test
Systems penetration test
Web application penetration testing
Penetration testing through social engineering

2. Intrusion testing methodologies - 20 hours

Description of the phases of an intrusion test:

Test planning
Test analysis
Reporting results

Definition of concepts:

Scope of the test
Attack vector

OSSTMM (Open Source Security Testing Methodology Manual) classification:

Physical security
Process security
Security in Internet technologies
Communications security
Wireless security
Information security
RAV (Risk Assessment Value)

OWASP (Open Web Application Security Project) classification:

Configuration and deployment management testing
Identity management testing
Authentication testing
Proof of authorization
Session management test
Input validation tests
Error handling testing
Weak cryptography testing
Business logic testing
Client-side testing
API testing

Differences between OSSTMM and OWASP

3. Tools for the execution of penetration tests - 18 hours

Generic tool classification:

Burp Suite
OpenVAS
Nessus
Metasploit
Kali Linux

Classification of network tools:

Nmap
Aircrack-ng
Wireshark
Zmap
Ettercap

Classification of password cracking/stealing tools:

Hydra
John the Ripper
Hashcat

4. Results and reports - 6 hours

Documentation support tools:

Dradis
Faraday

Reporting:

Evaluation and analysis of results
Specification of the tests performed
Technical results
Recommendations

Defining record retention policies:

Granularity and durability of recorded data according to sources and relevance
Regulatory and contractual requirements

5. Planning and execution of an intrusion test - 8 hours

Selection of the most appropriate methodology to perform an intrusion test:

Define the scope
Determine attack vectors
Planning for its execution

Selection of the type of test to determine the exploitability of vulnerabilities:

Determination of the test according to the scope
Running the selected test
Obtaining results

Preparation of the intrusion test report:

Information collection and organization
Drafting the report

i

Contact and Help

Verónica Navarrete Jiménez

+34932902481

34609170935

contact_study_form

Request information

Personal Information

Academic Data

Other Data

Accept the conditionsmore information *

The data controller is FUNDACIÓ PRIVADA UNIVERSITAT I TECNOLOGIA (FUNITEC) The purpose is to send information about FUNITEC about the activities, services and initiatives organised by La Salle Campus Barcelona. The data will be processed with the consent of the interested party. They will not be communicated to other parties. You may access the data, rectify it, delete it, request the limitation of its processing or object to it. You can consult additional information by following this link.

BASIC INFORMATION ON PROTECTION OF PERSONAL DATA
The data controller is FUNDACIÓ PRIVADA UNIVERSITAT I TECNOLOGIA (FUNITEC) The purpose is to send information about FUNITEC about the activities, services and initiatives organised by La Salle Campus Barcelona. The data will be processed with the consent of the interested party. They will not be communicated to other parties. You may access the data, rectify it, delete it, request the limitation of its processing or object to it. You can consult additional information by following this link.