07 2020 Archive
Summary: Scanning and Enumeration INFORMATION GATHERING Scanning Process of looking at some number of "things" to determine characteristics Commonly used in pe
Read more
Summary: Scope Vulnerabilities SCHEDULING AND SCOPE CREEP Scheduling When can/should tests be run? Who should be notified? When must tests be completed? Scope
Read more
Summary: Project Strategy and Risk CONSIDERATIONS White-listed No one can access resources unless specifically granted Black-listed Everyone can access unless
Read more
Summary: Lab Environment Setup ENV1: Kali Linux Install a Kali Linux Virtual Machine. https://www.kali.org/ ENV2: DVWA - DAMN VULNERABLE WEB APPLICATION Downlo
Read more
Summary: Penetration Test - Planning and Scoping(7) TYPES OF ASSESSMENTS Goal-based Goals created upfront Tests set up to fulfill goal(s) Objectives-based Defi
Read more
Summary: Penetration Test - Planning and Scoping(6) LEGAL CONCEPTS Statement of Work(SOW) Clearly states what tasks are to be accomplished Master Service Agree
Read more
Summary: Penetration Test - Planning and Scoping(5) SUPPORT RESOURCES WSDL/WADL Web services/application description language XML file with lots of info about
Read more
Summary: Penetration Test - Planning and Scoping(4) SET EXPECTATIONS Impact The result of testing Report vulnerabilities Remediation How should client respond?
Read more
Summary: Penetration Test - Planning and Scoping(3) RESOURCES AND REQUIREMENTS What does each party provide? At what point does the engagement begin? Confident
Read more
Summary: Penetration Test - Planning and Scoping(2) TARGET AUDIENCE AND ROE Know your target audience Who is sponsoring the pen test? What is the purpose of th
Read more
Summary: Penetration Test - Planning and Scoping(1) PLANNING AND SCOPING Get Permission Know how much work you have to do Don't do more than that Watch out for
Read more
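Summary: Study materials: "Eleventh Hour CISSP", the 某哲 training lecture notes, "CISSP Official Security Professional" Eighth Edition, the official practice question set. Review: On whether to enroll in a class: this depends on your own situation; for people who are short on time, enrolling in a class is recommended. Because previously CISA and CISM both
Read more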