Determining Assessment Scope

What's the goal of the penetration (pen) test? Before starting any ethical hacking job, it's important that you determine the scope of the assignment. These kinds of details should have been worked out in the written agreement that specifies the scope of the engagement. Is the entire organization, a particular location, or one division to be examined, and will any subsidiaries be assessed? These are some questions that need to be answered up front before you begin any activity. Why is this mentioned here? Because you always want to make sure that you have legal written permission before you begin any footprinting or testing. Once an agreement is in place, there might still be logistical problems. Scope creep can be one of the biggest logistical problems you can face. Scope creep is the expansion of the assignment beyond its original specification. The client might want to expand the pen test beyond its original specifications; if so, make sure that the new requirements are added to the contract and that proper written authorization has been obtained.

The Seven Step Information Gathering Process

Part I: Exam Preparation

The Business Aspects of Penetration Testing

The Technical Foundations of Hacking

Footprinting and Scanning

Enumeration and System Hacking

Linux and Automated Security Assessment Tools

Trojans and Backdoors

Sniffers, Session Hijacking, and Denial of Service

Web Server Hacking, Web Applications, and Database Attacks

Wireless Technologies, Security, and Attacks

IDS, Firewalls, and Honeypots

Buffer Overflows, Viruses, and Worms

Cryptographic Attacks and Defenses

Physical Security and Social Engineering

Part II: Final Review

Part III: Appendixes

Appendix A. Using the ExamGear Special Edition Software



Certified Ethical Hacker Exam Prep
Certified Ethical Hacker Exam Prep
ISBN: 0789735318
EAN: 2147483647
Year: 2007
Pages: 247
Authors: Michael Gregg

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net