< Back to Skils in Cyber
PENENTRATION TESTING FUNDAMENTALS
Powered by European Digital Innovation Hub Trakia
About the training
The course covers topics such as network and web application penetration testing, as well as social engineering and physical security testing. Throughout the course, students learn about the principles and practices of penetration testing, including how to identify and exploit vulnerabilities in systems and networks.
The course covers topics such as network and web application penetration testing, as well as social engineering and physical security testing. Throughout the course, students learn about the principles and practices of penetration testing, including how to identify and exploit vulnerabilities in systems and networks.
What you will learn
- Penetration Testing Methodologies;
- Black box, White box, Grey box;
- Network Security;
- Vulnerability Research;
- Metasploit;
- Introduction to Web Hacking;
- Burp Suite;
- Privilege Escalation.
- Penetration Testing Methodologies;
- Black box, White box, Grey box;
- Network Security;
- Vulnerability Research;
- Metasploit;
- Introduction to Web Hacking;
- Burp Suite;
- Privilege Escalation.
Training information
Penetration Testing Fundamentals is a course that provides an introduction to the field of penetration testing, also known as "pen testing". This course is designed for individuals with little to no experience in cybersecurity, but who are interested in learning more about the techniques and tools used to test the security of computer systems and networks. Students also learn about the legal and ethical considerations of penetration testing, as well as the importance of following industry best practices and guidelines. The course also introduces various tools and techniques used by professional penetration testers, including both open source and commercial tools. In addition to the core course content, students also have the opportunity to apply their knowledge through hands-on lab exercises and real-world case studies. By the end of the course, students have a solid foundation in the principles of penetration testing and are well-prepared to pursue more advanced training and certification in the field. The training ideally incorporates 24 hours (3 days) seminar for 8 attendees with the following agenda:
- Penetration Testing Methodologies - This syllabus point covers the different approaches and methodologies used in penetration testing. Students learn about the different types of penetration tests, including network and web application tests, as well as social engineering and physical security tests. The syllabus point also covers the planning and execution of a penetration test, including the use of tools and techniques to identify and exploit vulnerabilities.
- Black box, White box, Grey box - This syllabus point covers the different levels of knowledge and access assumed by the tester in a penetration test. Black box testing assumes no knowledge of the target system, white box testing assumes complete knowledge, and grey box testing assumes partial knowledge. The syllabus point also covers the implications of each approach and when each is most appropriate.
- Network Security - This syllabus point covers the principles and practices of network security, including common security threats and vulnerabilities. Students will learn about network architecture and protocols, and how to identify and mitigate common security risks. The syllabus point also covers topics like network security controls and best practices for securing networks.
- Vulnerability Research - This syllabus point covers the process of identifying and researching vulnerabilities in computer systems and networks. Students learn about common vulnerability discovery techniques and tools, as well as how to assess the severity of a vulnerability and recommend appropriate remediation steps. The syllabus point also covers the importance of staying up-to-date on the latest vulnerabilities and exploitation techniques.
- Metasploit - This syllabus point covers the use of the Metasploit framework in penetration testing. Students learn how to use Metasploit to perform basic tasks, such as scanning for vulnerabilities and launching exploits. The syllabus point also covers advanced topics, such as creating custom exploits and payloads, and integrating Metasploit with other tools and frameworks.
- Introduction to Web Hacking - This syllabus point covers the basics of web application hacking, including common vulnerabilities and exploitation techniques. Students learn about the structure and function of web applications, and how to identify and exploit common web application vulnerabilities. The syllabus point also covers topics like input validation and output encoding, as well as best practices for securing web applications.
- Burp Suite - This syllabus point covers the use of the Burp Suite tool in web application penetration testing. Students learn how to use Burp Suite to perform basic tasks, such as intercepting and modifying web traffic, and identifying vulnerabilities in web applications. The syllabus point also covers advanced topics, such as configuring and using Burp Suite's various tools and plugins.
- Privilege Escalation - This syllabus point covers the process of escalating privileges within a computer system or network. Students learn about common privilege escalation techniques, such as exploiting vulnerabilities and misconfigurations, as well as how to identify and prevent privilege escalation attacks. The syllabus point also covers topics like privilege escalation defenses and countermeasures, as well as best practices for securing systems and networks against privilege escalation attacks.
Penetration Testing Fundamentals is a course that provides an introduction to the field of penetration testing, also known as "pen testing". This course is designed for individuals with little to no experience in cybersecurity, but who are interested in learning more about the techniques and tools used to test the security of computer systems and networks. Students also learn about the legal and ethical considerations of penetration testing, as well as the importance of following industry best practices and guidelines. The course also introduces various tools and techniques used by professional penetration testers, including both open source and commercial tools. In addition to the core course content, students also have the opportunity to apply their knowledge through hands-on lab exercises and real-world case studies. By the end of the course, students have a solid foundation in the principles of penetration testing and are well-prepared to pursue more advanced training and certification in the field. The training ideally incorporates 24 hours (3 days) seminar for 8 attendees with the following agenda:
- Penetration Testing Methodologies - This syllabus point covers the different approaches and methodologies used in penetration testing. Students learn about the different types of penetration tests, including network and web application tests, as well as social engineering and physical security tests. The syllabus point also covers the planning and execution of a penetration test, including the use of tools and techniques to identify and exploit vulnerabilities.
- Black box, White box, Grey box - This syllabus point covers the different levels of knowledge and access assumed by the tester in a penetration test. Black box testing assumes no knowledge of the target system, white box testing assumes complete knowledge, and grey box testing assumes partial knowledge. The syllabus point also covers the implications of each approach and when each is most appropriate.
- Network Security - This syllabus point covers the principles and practices of network security, including common security threats and vulnerabilities. Students will learn about network architecture and protocols, and how to identify and mitigate common security risks. The syllabus point also covers topics like network security controls and best practices for securing networks.
- Vulnerability Research - This syllabus point covers the process of identifying and researching vulnerabilities in computer systems and networks. Students learn about common vulnerability discovery techniques and tools, as well as how to assess the severity of a vulnerability and recommend appropriate remediation steps. The syllabus point also covers the importance of staying up-to-date on the latest vulnerabilities and exploitation techniques.
- Metasploit - This syllabus point covers the use of the Metasploit framework in penetration testing. Students learn how to use Metasploit to perform basic tasks, such as scanning for vulnerabilities and launching exploits. The syllabus point also covers advanced topics, such as creating custom exploits and payloads, and integrating Metasploit with other tools and frameworks.
- Introduction to Web Hacking - This syllabus point covers the basics of web application hacking, including common vulnerabilities and exploitation techniques. Students learn about the structure and function of web applications, and how to identify and exploit common web application vulnerabilities. The syllabus point also covers topics like input validation and output encoding, as well as best practices for securing web applications.
- Burp Suite - This syllabus point covers the use of the Burp Suite tool in web application penetration testing. Students learn how to use Burp Suite to perform basic tasks, such as intercepting and modifying web traffic, and identifying vulnerabilities in web applications. The syllabus point also covers advanced topics, such as configuring and using Burp Suite's various tools and plugins.
- Privilege Escalation - This syllabus point covers the process of escalating privileges within a computer system or network. Students learn about common privilege escalation techniques, such as exploiting vulnerabilities and misconfigurations, as well as how to identify and prevent privilege escalation attacks. The syllabus point also covers topics like privilege escalation defenses and countermeasures, as well as best practices for securing systems and networks against privilege escalation attacks.