摘要:
Project Strategy and Risk CONSIDERATIONS White-listed No one can access resources unless specifically granted Black-listed Everyone can access unless 阅读全文
摘要:
Lab Environment Setup ENV1: Kali Linux Install a Kali Linux Virtual Machine. https://www.kali.org/ ENV2: DVWA - DAMN VULNERABLE WEB APPLICATION Downlo 阅读全文
摘要:
Penetration Test - Planning and Scoping(7) TYPES OF ASSESSMENTS Goal-based Goals created upfront Tests set up to fulfill goal(s) Objectives-based Defi 阅读全文
摘要:
Penetration Test - Planning and Scoping(6) LEGAL CONCEPTS Statement of Work(SOW) Clearly states what tasks are to be accomplished Master Service Agree 阅读全文
摘要:
Penetration Test - Planning and Scoping(5) SUPPORT RESOURCES WSDL/WADL Web services/application description language XML file with lots of info about 阅读全文
摘要:
Penetration Test - Planning and Scoping(4) SET EXPECTATIONS Impact The result of testing Report vulnerabilities Remediation How should client respond? 阅读全文
摘要:
Penetration Test - Planning and Scoping(3) RESOURCES AND REQUIREMENTS What does each party provide? At what point does the engagement begin? Confident 阅读全文
摘要:
Penetration Test - Planning and Scoping(2) TARGET AUDIENCE AND ROE Know your target audience Who is sponsoring the pen test? What is the purpose of th 阅读全文
摘要:
Penetration Test - Planning and Scoping(1) PLANNING AND SCOPING Get Permission Know how much work you have to do Don't do more than that Watch out for 阅读全文
摘要:
复习资料: 《Eleventh Hour CISSP》 《某哲培训讲义》 《CISSP Official Security Professional》Eighth Edition 《官方习题集》 复习: 关于是否报班:这个看个人的实际情况,对于时间比较紧的人,建议报班。 因为之前CISA,CISM都 阅读全文