Ethical Hacking & Penetration Testing
Bachelor Degree in Computer Engineering (CPE)
Faculty of Engineering, KMUTT
18-Sep-2009

Surachai Chatchalermpun
Global Certificate
• EC-Council
     – CEH (Certified Ethical Hacker)
     – ECSA (EC-Council Certified Security Analyst)
     – LPT (Licensed Penetration Tester)
• SANS GIAC (Global Information Assurance Certification)
     – GPEN (GIAC Certified Penetration Tester)
     – GWAPT (GIAC Web Application Penetration Tester)
•   OSSTMM (The Open Source Security Testing Methodology Manual)
     – OPST (OSSTMM PROFESSIONAL SECURITY TESTER ACCREDITED CERTIFICATION)
     – OPSA (OSSTMM PROFESSIONAL SECURITY ANALYST ACCREDITED CERTIFICATION)
     – OPSE (OSSTMM PROFESSIONAL SECURITY EXPERT ACCREDITED CERTIFICATION)
•   NIST (SP800-115)
•   Mile2
     – CPTEngineer (Certified Pen Testing Engineer)
Government-US with standards such as the NSA Infrastructure Evaluation Methodology (IEM).
Open Web Application Security Project (OWASP) provides a framework of recommendations
OSSTMM   • NIST (SP800-115)




